
Windows Analysis Report
vQu0zndLpi.dll

Overview

General Information

Sample name: vQu0zndLpi.dll (renamed because original name is a hash value)
Original sample name: bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18.dll.exe
Analysis ID: 1572522
MD5: 6b0b96b6ec7950943213da4f98fab1c7
SHA1: 502b8b7c5888b476365345d029df4f1d80c381c2
SHA256: bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18
Tags: 45-66-248-99exenembo81pruser-JAMESWT_MHT

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
AI detected suspicious sample
AV process strings found (often used to terminate AV products)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • loaddll64.exe (PID: 7476 cmdline: loaddll64.exe "C:\Users\user\Desktop\vQu0zndLpi.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7528 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 7552 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
        • WerFault.exe (PID: 7668 cmdline: C:\Windows\system32\WerFault.exe -u -p 7552 -s 468 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • rundll32.exe (PID: 7536 cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,xtart MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7808 cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,start MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7844 cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,DllWinMain MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7908 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",xtart MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7920 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",start MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7936 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",DllWinMain MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7944 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",UnInstall MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: vQu0zndLpi.dll; ReversingLabs: Detection: 34%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 89.8% probability
Source: vQu0zndLpi.dll; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: Binary string: D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\bin\x64\Release\wsc.pdbd source: rundll32.exe, 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.3201068084.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.3201025176.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp, vQu0zndLpi.dll
Source: Binary string: D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\bin\x64\Release\wsc.pdb source: rundll32.exe, 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.3201068084.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.3201025176.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp, vQu0zndLpi.dll

Networking

Source: C:\Windows\System32\rundll32.exe; Network Connect: 45.66.248.99 443
Source: Joe Sandbox View; ASN Name: FREERANGECLOUDCA FREERANGECLOUDCA
Source: unknown; TCP traffic detected without corresponding DNS query: 45.66.248.99
Source: C:\Windows\System32\rundll32.exe; Code function: 10_2_0000016C5BFF3C80 recv, 10_2_0000016C5BFF3C80
Source: Amcache.hve.8.dr; String found in binary or memory: http://upx.sf.net
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown; Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49736
Source: C:\Windows\System32\rundll32.exe; Code function: String function: 00007FF8E7DFDFA8 appears 176 times
Source: C:\Windows\System32\rundll32.exe; Code function: String function: 00007FF8E7D79980 appears 49 times
Source: C:\Windows\System32\rundll32.exe; Code function: String function: 00007FF8E7D758A0 appears 187 times
Source: C:\Windows\System32\rundll32.exe; Code function: String function: 00007FF8E7D7A750 appears 88 times
Source: C:\Windows\System32\rundll32.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7552 -s 468
Source: vQu0zndLpi.dll; Binary or memory string: OriginalFilenamewsc.dllB" vs vQu0zndLpi.dll
Source: classification engine; Classification label: mal60.evad.winDLL@21/5@0/1
Source: C:\Windows\System32\rundll32.exe; Code function: 4_2_00007FF8E7DCA4B0 CreateToolhelp32Snapshot,GetLastError, 4_2_00007FF8E7DCA4B0
Source: C:\Windows\System32\rundll32.exe; Code function: 4_2_00007FF8E7D8B890 timeGetTime,CoCreateInstance,VariantInit,SafeArrayCreate,CoCreateInstance,_Mtx_unlock,VariantClear, 4_2_00007FF8E7D8B890
Source: C:\Windows\System32\rundll32.exe; Code function: 4_2_00007FF8E7D8EA90 LoadResource,LockResource,SizeofResource, 4_2_00007FF8E7D8EA90
Source: C:\Windows\System32\rundll32.exe; Mutant created: NULL
Source: C:\Windows\System32\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7552
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7484:120:WilError_03
Source: C:\Windows\System32\WerFault.exe; File created: C:\ProgramData\Microsoft\Windows\WER\Temp\cd497a04-7ef6-4d04-9be3-1fe2953b23cb
Source: vQu0zndLpi.dll; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll64.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,xtart
Source: rundll32.exe; String found in binary or memory: /launch
Source: unknown; Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\vQu0zndLpi.dll"
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,start
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,DllWinMain
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",xtart
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",start
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",DllWinMain
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",UnInstall
Source: C:\Windows\System32\loaddll64.exe; Section loaded: apphelp.dll
Source: C:\Windows\System32\loaddll64.exe; Section loaded: winmm.dll
Source: C:\Windows\System32\loaddll64.exe; Section loaded: netapi32.dll
Source: C:\Windows\System32\loaddll64.exe; Section loaded: netutils.dll
Source: C:\Windows\System32\loaddll64.exe; Section loaded: wkscli.dll
Source: C:\Windows\System32\loaddll64.exe; Section loaded: windows.storage.dll
Source: C:\Windows\System32\loaddll64.exe; Section loaded: wldp.dll
Source: C:\Windows\System32\loaddll64.exe; Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\rundll32.exe; Automated click: OK
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: vQu0zndLpi.dll; Static PE information: Image base 0x180000000 > 0x60000000
Source: vQu0zndLpi.dll; Static file information: File size 1138176 > 1048576
Source: vQu0zndLpi.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: vQu0zndLpi.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: vQu0zndLpi.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: vQu0zndLpi.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: vQu0zndLpi.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: vQu0zndLpi.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: vQu0zndLpi.dll; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: vQu0zndLpi.dll; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: vQu0zndLpi.dll; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: vQu0zndLpi.dll; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: vQu0zndLpi.dll; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\System32\rundll32.exe; Code function: 4_2_00007FF8E7DF3E90 LoadLibraryA,GetProcAddressForCaller, 4_2_00007FF8E7DF3E90
Source: vQu0zndLpi.dll; Static PE information: real checksum: 0x11082c should be: 0x11773c
Source: vQu0zndLpi.dll; Static PE information: section name: _RDATA
Source: C:\Windows\System32\rundll32.exe; Code function: 4_2_00007FF8E7DC8440 FreeLibrary,FreeLibrary,GetModuleHandleExW,FreeLibrary,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 4_2_00007FF8E7DC8440
Source: C:\Windows\System32\rundll32.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe; Thread delayed: delay time: 300000
Source: C:\Windows\System32\rundll32.exe; API coverage: 0.4 %
Source: C:\Windows\System32\loaddll64.exe TID: 7480; Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\rundll32.exe TID: 7812; Thread sleep time: -300000s >= -30000s
Source: C:\Windows\System32\rundll32.exe TID: 7924; Thread sleep time: -300000s >= -30000s
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe; Last function: Thread delayed
Source: C:\Windows\System32\loaddll64.exe; Thread delayed: delay time: 120000
Source: Amcache.hve.8.drBinary or memory string: VMware
Source: Amcache.hve.8.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.8.drBinary or memory string: VMware, Inc.
Source: Amcache.hve.8.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.8.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: rundll32.exe, 0000000A.00000002.3200548922.0000016C5BD7A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.8.drBinary or memory string: vmci.sys
Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin`
Source: Amcache.hve.8.drBinary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.8.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: rundll32.exe, 0000000D.00000002.3200632330.000001D6AE488000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllttLzP
Source: Amcache.hve.8.drBinary or memory string: VMware20,1
Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.drBinary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.drBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.drBinary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
Source: Amcache.hve.8.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.drBinary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.8.drBinary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.drBinary or memory string: VMware Virtual RAM
Source: Amcache.hve.8.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.8.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FF8E7DF0B94 GetLastError,IsDebuggerPresent,OutputDebugStringW,4_2_00007FF8E7DF0B94
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_00007FF8E7DF3E90 LoadLibraryA,GetProcAddressForCaller,4_2_00007FF8E7DF3E90
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_00007FF8E7D71C00 GetProcessHeap,4_2_00007FF8E7D71C00
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_00007FF8E7DF9A28 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF8E7DF9A28

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\rundll32.exe | Network Connect: 45.66.248.99 443
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_00007FF8E7DC6C20 SetEntriesInAclW,LocalFree,LocalAlloc,LocalFree,GetLastError,LocalFree,InitializeSecurityDescriptor,GetLastError,SetSecurityDescriptorDacl,GetLastError,4_2_00007FF8E7DC6C20
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_00007FF8E7DC63B0 AllocateAndInitializeSid,GetLastError,4_2_00007FF8E7DC63B0
Source: C:\Windows\System32\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_00007FF8E7E1A898
Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,4_2_00007FF8E7E106B8
Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,4_2_00007FF8E7E1A458
Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,4_2_00007FF8E7E1A388
Source: C:\Windows\System32\rundll32.exe | Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,4_2_00007FF8E7E1A038
Source: C:\Windows\System32\rundll32.exe | Code function: try_get_function,GetLocaleInfoW,4_2_00007FF8E7E10C4C
Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_00007FF8E7E1AA74
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_00007FF8E7DB8010 CreateFileW,GetLastError,GetFileTime,GetLastError,CloseHandle,FileTimeToSystemTime,GetLastError,GetSystemTime,CloseHandle,_invalid_parameter_noinfo_noreturn,4_2_00007FF8E7DB8010
Source: Amcache.hve.8.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.8.dr | Binary or memory string: MsMpEng.exe
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter
1
DLL Side-Loading
111
Process Injection
21
Virtualization/Sandbox Evasion
OS Credential Dumping1
System Time Discovery
Remote Services1
Archive Collected Data
12
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Native API
Boot or Logon Initialization Scripts1
DLL Side-Loading
111
Process Injection
LSASS Memory41
Security Software Discovery
Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information
Security Account Manager21
Virtualization/Sandbox Evasion
SMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information
NTDS1
Process Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Rundll32
LSA Secrets12
System Information Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading
Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
Behavior Graph (ID: 1572522; Sample: vQu0zndLpi.dll; Start date: 10/12/2024; Architecture: WINDOWS; Score: 60)

  • Signatures on the sample: Multi AV Scanner detection for submitted file; AI detected suspicious sample
  • loaddll64.exe started two rundll32.exe instances, cmd.exe and 6 other processes
  • rundll32.exe: System process connects to network (likely due to code injection or exploit)
  • rundll32.exe connected to 45.66.248.99:443 (source ports 49718, 49736), FREERANGECLOUDCA, Russian Federation
  • cmd.exe started rundll32.exe, which in turn started WerFault.exe

Source | Detection | Scanner | Label
vQu0zndLpi.dll | 34% | ReversingLabs | Win64.Downloader.ZLoader
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false |  | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    http://upx.sf.net | Amcache.hve.8.dr | false |  | high
      IP | Domain | Country | ASN | ASN Name | Malicious
      45.66.248.99 | unknown | Russian Federation | 53356 | FREERANGECLOUDCA | true
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1572522
      Start date and time:2024-12-10 16:50:15 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 6m 14s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Run name:Run with higher sleep bypass
      Number of new started processes analysed:20
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:vQu0zndLpi.dll
      renamed because original name is a hash value
      Original Sample Name:bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18.dll.exe
      Detection:MAL
      Classification:mal60.evad.winDLL@21/5@0/1
      EGA Information:
      • Successful, ratio: 100%
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 4
      • Number of non-executed functions: 236
      Cookbook Comments:
      • Found application associated with file extension: .dll
      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
      • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 52.168.117.173, 13.107.246.40, 20.190.159.23, 172.202.163.200
      • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
      • Not all processes were analyzed; report is missing behavior information
      • Report size exceeded maximum capacity and may have missing disassembly code.
      • VT rate limit hit for: vQu0zndLpi.dll
      No simulations
      No context
      Match: s-part-0012.t-0009.t-msedge.net
      Associated Sample Name / URL | Detection | Threat Name | Context
      mtbkkesfthae.exe | malicious | Vidar | 13.107.246.40
      file.exe | malicious | Amadey, Stealc, Vidar | 13.107.246.40
      file.exe | malicious | Unknown | 13.107.246.40
      https://www.cognitoforms.com/f/fWhXKikFUk-rIZ2zs1gjVw/1 | malicious | Unknown | 13.107.246.40
      file.exe | malicious | Amadey, Stealc, Vidar | 13.107.246.40
      file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | 13.107.246.40
      file.exe | malicious | Credential Flusher | 13.107.246.40
      file.exe | malicious | LummaC | 13.107.246.40
      http://iglawfirm.com/services/antai-fr/ | malicious | Unknown | 13.107.246.40
      http://sales-agreement-carpal-relative.s3.amazonaws.com/payout/completed/SEKTJGJFFJlfkdjklm4GHKHKYKFLFL/onedrive.html | malicious | Unknown | 13.107.246.40
      Match: FREERANGECLOUDCA
      Associated Sample Name / URL | Detection | Threat Name | Context
      jklarm5.elf | malicious | Unknown | 216.24.208.32
      Jaws.exe | malicious | Stealc | 45.66.248.237
      Setup-Pro.exe | malicious | Stealc, Vidar | 45.66.249.162
      forest.exe | malicious | Unknown | 45.66.249.249
      forest.exe | malicious | Unknown | 45.66.249.249
      arm.elf | malicious | Mirai, Moobot | 23.129.35.4
      SecuriteInfo.com.Trojan.PWS.Siggen3.33653.31886.3628.exe | malicious | Raccoon Stealer v2 | 193.142.147.59
      SecuriteInfo.com.Trojan.PackedNET.2334.3801.19434.exe | malicious | PureLog Stealer, Raccoon Stealer v2, SmokeLoader | 193.142.147.59
      Setup.exe | malicious | AsyncRAT, HTMLPhisher, Clipboard Hijacker, Phorpiex, PureLog Stealer, Raccoon Stealer v2, RedLine | 193.142.147.59
      No context
      Process:C:\Windows\System32\WerFault.exe
      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):65536
      Entropy (8bit):0.8158221362514262
      Encrypted:false
      SSDEEP:192:P7KRiEzyouu0H2MtjV/vzuiF3Z24lO8g/:zKRiNouVH2MtjFzuiF3Y4lO8w
      MD5:0E40A60B0C7B88B6F1E79C7DD58EF26A
      SHA1:A22DDB43B5F04ACDEF50C9F270C9D85B2267D6A8
      SHA-256:E129A1DC837E912F9D6A56B25CC80228946B1C495E1895652BF2D7660BB42703
      SHA-512:E6C420B39BB76F1DD4C618A11BCD076F3FCC7294A0E33F7FD4968668CAC33A50F5D2E4A0D6E53F80612742E144572D6F1283FE3F9D9EC4B71E0A903AD23BCA90
      Malicious:false
      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.3.1.9.4.6.9.4.1.5.3.1.2.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.3.1.9.4.7.0.3.3.7.1.8.1.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.b.0.d.f.1.7.3.-.7.5.7.3.-.4.2.c.5.-.a.9.4.0.-.f.a.c.4.f.d.2.d.c.3.3.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.b.6.0.7.b.f.e.-.e.b.f.3.-.4.1.e.f.-.a.e.5.a.-.b.e.3.f.d.8.5.b.1.2.9.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.v.Q.u.0.z.n.d.L.p.i...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.8.0.-.0.0.0.1.-.0.0.1.4.-.1.a.a.f.-.4.6.5.4.1.b.4.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.
      Process:C:\Windows\System32\WerFault.exe
      File Type:Mini DuMP crash report, 14 streams, Tue Dec 10 15:51:09 2024, 0x1205a4 type
      Category:dropped
      Size (bytes):566698
      Entropy (8bit):1.4533219106893092
      Encrypted:false
      SSDEEP:384:/FMBFVWjLpKInd1broP6SLzN9uasgRhf/w3NUnx+i/2s6zWxZ5WiVKQZ9vfQA6e4:tMB8x3+Sz7qmQU3o19hVVpc
      MD5:B47FD5F032437D97BE9DF61840D6101B
      SHA1:1CBD0853099D3DF9613B1414EBFA93A4F58BDC14
      SHA-256:ADE4D9D6A5FE3A1917D01AF199795EF8C5F7BE7EBFEB2E24183115DE5DEC5A44
      SHA-512:867AFB3E055F88388F19976EC5C3E0C828363BC9E130A37E5B427AC31195A82438C7348A2D0A3B21A502EA66E5535D31BC2ADC11E009F70048C7FFA10EE3485E
      Malicious:false
      Process:C:\Windows\System32\WerFault.exe
      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):8530
      Entropy (8bit):3.697826936796312
      Encrypted:false
      SSDEEP:192:R6l7wVeJAjrndQ6YrDJ+5gmfp9jpD089bd/SfoKbfm:R6lXJqr66YHJogmfp93dKfoKq
      MD5:88DAF9F07305747426CDE1C30E753B97
      SHA1:DAFDC20422822B87524470F4D50D0683E71B9D50
      SHA-256:CA374A422E0E1A4D2E79E34712CCCA8A073603D21BC7F830CBE20CCBADE53B78
      SHA-512:41534E08C9E1647B296E9C54A3021E14DC8907354D85BB9237339814E30D89D99C9A10F2158F7B392547A5CEE913AE78E71F74A0318A52AA2A4E9C0E483D8989
      Malicious:false
      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.5.2.<./.P.i.
      Process:C:\Windows\System32\WerFault.exe
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):4759
      Entropy (8bit):4.487588012728869
      Encrypted:false
      SSDEEP:48:cvIwWl8zsgJg771I9OJWpW8VY3CYm8M4JCY9CY1+AK6FwUpyyq85mYgAsxRptSTU:uIjfmI7947VmJ7VfK3SzSpoONd
      MD5:6D76A69D772009B883518AA1B6846F59
      SHA1:BF83C6F16726BB996F6F1E041935454145A88B1F
      SHA-256:A18A03BF5CF164C8BDA9FAD3CCE6F917FD92C73B43F8D8DEC8A892C8134FB346
      SHA-512:609A49270779778931D42D483E650FF8EAEAC18D78BFEA0FB9CCEB7077E857D326CF68B3EBF4DB338D15929826FE3DD815024973B8EA1DF5CE803B25139D6EF3
      Malicious:false
      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625373" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
      Process:C:\Windows\System32\WerFault.exe
      File Type:MS Windows registry file, NT/2000 or above
      Category:dropped
      Size (bytes):1835008
      Entropy (8bit):4.394723751836357
      Encrypted:false
      SSDEEP:6144:0l4fiJoH0ncNXiUjt10qCG/gaocYGBoaUMMhA2NX4WABlBuNAfOBSqa:s4vFCMYQUMM6VFYSfU
      MD5:27835D65F1CE8B811731F05B1444E7D3
      SHA1:2D9FFA166FDC6BB8DF3F6F9D28FE1BD8DA0DF41D
      SHA-256:4D6EBA44F6E589F6968AFAE33E0825532F21F7C6241AB69A19595682093BCA69
      SHA-512:3F58051435571B9EB5483A6D4128DA8955860813AD928AAA570FFAE8820769B88392039440F358A4F946F4EA5B930D0E5B8061B2D6D20CAC3F3D0FCB32523544
      Malicious:false
      File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
      Entropy (8bit):6.476113305296515
      TrID:
      • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
      • Win64 Executable (generic) (12005/4) 10.17%
      • Generic Win/DOS Executable (2004/3) 1.70%
      • DOS Executable Generic (2002/1) 1.70%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
      File name:vQu0zndLpi.dll
      File size:1'138'176 bytes
      MD5:6b0b96b6ec7950943213da4f98fab1c7
      SHA1:502b8b7c5888b476365345d029df4f1d80c381c2
      SHA256:bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18
      SHA512:f80bbffc22aa041eb1ccbb39f390fd322ab2b701b30d83e6872b68bc85b8c645d076b7216c5da6eab159fc9074bfc2c8410db6a6ce2e1c658868086dc88c6951
      SSDEEP:24576:D+XUNkTrLLAhpLJdqhQZE8cpKPpo1MsAVHB+FYiY25r3wai:iXUNuAhpXqa+8cpKBgZAZBvig
      TLSH:7C356B1767F805A8E8B6D178897B5806F736B41587309AEF02D0226B1F77BE08E7E711
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l.........................5...............................................................a...J.......J.......J..............
      Icon Hash:7ae282899bbab082
      Entrypoint:0x180083a90
      Entrypoint Section:.text
      Digitally signed:true
      Imagebase:0x180000000
      Subsystem:windows gui
      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
      Time Stamp:0x66FA53D2 [Mon Sep 30 07:31:30 2024 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:6
      OS Version Minor:0
      File Version Major:6
      File Version Minor:0
      Subsystem Version Major:6
      Subsystem Version Minor:0
      Import Hash:767132e147d9da374bf0eb60457b20e1
      Signature Valid:
      Signature Issuer:
      Signature Validation Error:
      Error Number:
      Not Before, Not After
        Subject Chain
          Version:
          Thumbprint MD5:
          Thumbprint SHA-1:
          Thumbprint SHA-256:
          Serial:
          Instruction
          dec eax
          sub esp, 28h
          cmp edx, 01h
          jne 00007F2C0CCB30C6h
          dec eax
          mov edx, ecx
          dec eax
          add edx, 001013B8h
          call 00007F2C0CCB30FDh
          dec sp
          movd mm5, eax
          mov eax, 00000001h
          dec eax
          add esp, 28h
          ret
          dec eax
          sub esp, 28h
          dec sp
          movd eax, mm5
          dec eax
          add esp, 28h
          ret
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          dec eax
          sub esp, 28h
          call 00007F2C0CCB3093h
          mov edx, 00001BD8h
          dec eax
          mov ecx, eax
          call 00007F2C0CCB376Fh
          call eax
          xor eax, eax
          dec eax
          add esp, 28h
          ret
          int3
          dec eax
          mov dword ptr [esp+10h], ebx
          dec eax
          mov dword ptr [esp+08h], ecx
          push ebp
          push esi
          push edi
          inc ecx
          push esp
          inc ecx
          push ebp
          inc ecx
          push esi
          inc ecx
          push edi
          dec eax
          lea ebp, dword ptr [esp-27h]
          dec eax
          sub esp, 00000100h
          inc ebp
          xor esp, esp
          dec eax
          mov ebx, edx
          mov dword ptr [esp+20h], 4C682648h
          mov dword ptr [esp+24h], 436D2A5Fh
          mov dword ptr [esp+28h], 4F4D674Fh
          mov dword ptr [esp+2Ch], 75352979h
          inc sp
          mov dword ptr [esp+50h], esp
          mov byte ptr [esp+30h], 00000000h
          mov dword ptr [esp+38h], 0065006Bh
          mov dword ptr [esp+3Ch], 006E0072h
          mov dword ptr [esp+40h], 00000065h
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0xede80 | 0x8c | .rdata
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xedf0c | 0xdc | .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x101000 | 0x196ec | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf8000 | 0x744c | .pdata
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0xfcc00 | 0x4dc8 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11b000 | 0x156c | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd9330 | 0x70 | .rdata
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0xd9500 | 0x28 | .rdata
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xd93a0 | 0x138 | .rdata
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0xb7000 | 0x5f8 | .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x1000 | 0xb572c | 0xb5800 | fc6ea9a56a230231c4bb1fdc5ef08421 | False | 0.4668183970385675 | data | 6.386830917577598 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata | 0xb7000 | 0x383b6 | 0x38400 | ec611e4019790695ac7d6d148ac88116 | False | 0.3645833333333333 | data | 4.902790895501739 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data | 0xf0000 | 0x749c | 0x5800 | 68b698e4c7307e6be67b30c865614f37 | False | 0.15185546875 | data | 4.497462253406015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .pdata | 0xf8000 | 0x744c | 0x7600 | 27d6cbc5cf6ad3575f8a0f04a40429a3 | False | 0.4889433262711864 | PEX Binary Archive | 5.836748779718831 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          _RDATA | 0x100000 | 0xf4 | 0x200 | 3becaaa5faf69c9c92c0abf64cce14d9 | False | 0.3046875 | data | 2.4434385797190123 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .rsrc | 0x101000 | 0x196ec | 0x19800 | a2add8433692a7f4ef3e303d8b906d10 | False | 0.5730602787990197 | data | 7.1419435849845465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0x11b000 | 0x156c | 0x1600 | 94db310f1ca40a2e184b4684ec88d3df | False | 0.37659801136363635 | data | 5.401573591665021 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_VERSION | 0x1010e8 | 0x2d0 | data | English | United States | 0.46805555555555556
          RT_ANICURSOR | 0x1013b8 | 0x191b2 | data |  |  | 0.5751210689071707
          RT_MANIFEST | 0x11a56c | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
          DLL | Imports
          RPCRT4.dll | UuidToStringW, UuidCreate, RpcStringFreeW
          KERNEL32.dll | LoadLibraryExW, SizeofResource, LockResource, LoadResource, FindResourceExW, FindResourceW, EnterCriticalSection, ReleaseSemaphore, LeaveCriticalSection, InitializeCriticalSection, WaitForThreadpoolTimerCallbacks, GetCurrentThreadId, CloseThreadpoolWait, WaitForThreadpoolWaitCallbacks, CloseThreadpoolTimer, CloseHandle, SetThreadpoolTimer, SetThreadpoolWait, CreateSemaphoreW, MultiByteToWideChar, GetModuleHandleW, WideCharToMultiByte, LocalFree, DeleteCriticalSection, GetCurrentProcessId, CreateFileW, GetFileTime, FileTimeToSystemTime, GetSystemTime, CreateProcessW, DeleteProcThreadAttributeList, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, GetExitCodeProcess, CreateThreadpoolWait, CreateThreadpoolTimer, CreateEventW, ResetEvent, LocalAlloc, CreateThread, OpenProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, WriteConsoleW, FreeEnvironmentStringsW, GetEnvironmentStringsW, DecodePointer, RaiseException, InitializeCriticalSectionEx, WaitForSingleObject, SetEvent, GetLastError, VerSetConditionMask, VerifyVersionInfoW, GetModuleHandleExW, Sleep, GetProcAddress, LoadLibraryW, GetModuleFileNameW, FreeLibrary, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, FormatMessageA, SetStdHandle, ExitProcess, GetCommandLineW, RtlUnwind, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, ReadConsoleW, GetConsoleMode, GetConsoleOutputCP, WriteFile, GetFileType, GetStdHandle, ReadFile, SetConsoleCtrlHandler, FreeLibraryAndExitThread, ExitThread, FlushFileBuffers, GetFileSizeEx, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, TlsFree, LCMapStringW, IsDebuggerPresent, OutputDebugStringW, GetStringTypeW, WaitForSingleObjectEx, GetExitCodeThread, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryEnterCriticalSection, FindClose, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, SetEndOfFile, SetFilePointerEx, GetFileInformationByHandleEx, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, GetSystemTimeAsFileTime, GetCPInfo, InitializeCriticalSectionAndSpinCount, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, InterlockedFlushSList, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue
          USER32.dll | AllowSetForegroundWindow
          ADVAPI32.dll | RevertToSelf, ImpersonateLoggedOnUser, OpenProcessToken, QueryServiceStatusEx, OpenSCManagerW, OpenServiceW, GetSecurityInfo, GetSidIdentifierAuthority, GetAce, GetSidSubAuthority, GetSidSubAuthorityCount, EqualSid, ConvertSidToStringSidW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclW, RegDeleteKeyW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, CloseServiceHandle, RegSetKeyValueW, RegOpenKeyExW, RegGetValueW, RegCloseKey
          SHELL32.dll | CommandLineToArgvW, SHGetKnownFolderPath
          ole32.dll | CoInitializeEx, CoUninitialize, CoSetProxyBlanket, CoTaskMemFree, CoCreateInstance
          OLEAUT32.dll | SysAllocString, VariantClear, SafeArrayCreate, VariantInit, SysStringLen, SysAllocStringLen, SysFreeString
          SHLWAPI.dll | PathRemoveFileSpecW, PathAppendW, PathIsRelativeW
          WINMM.dll | timeGetTime
          ntdll.dll | RtlLookupFunctionEntry, RtlVirtualUnwind, RtlCaptureContext
          Name | Ordinal | Address
          xtart | 1 | 0x180020ad0
          start | 2 | 0x180020b00
          DllWinMain | 4 | 0x18005b0b0
          UnInstall | 3 | 0x18006cfe0
          Language of compilation system | Country where language is spoken
          English | United States
          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Dec 10, 2024 16:51:12.912008047 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99
          Dec 10, 2024 16:51:12.912060022 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9
          Dec 10, 2024 16:51:12.912136078 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99
          Dec 10, 2024 16:51:12.915303946 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99
          Dec 10, 2024 16:51:12.915326118 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9
          Dec 10, 2024 16:51:12.915455103 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9
          Dec 10, 2024 16:51:19.638989925 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99
          Dec 10, 2024 16:51:19.639044046 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9
          Dec 10, 2024 16:51:19.639130116 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99
          Dec 10, 2024 16:51:19.651829958 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99
          Dec 10, 2024 16:51:19.651842117 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9
          Dec 10, 2024 16:51:19.651887894 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9
          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Dec 10, 2024 16:51:06.284918070 CET | 1.1.1.1 | 192.168.2.9 | 0xaf32 | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | s-part-0012.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
          Dec 10, 2024 16:51:06.284918070 CET | 1.1.1.1 | 192.168.2.9 | 0xaf32 | No error (0) | s-part-0012.t-0009.t-msedge.net |  | 13.107.246.40 | A (IP address) | IN (0x0001) | false

          Target ID:0
          Start time:10:51:08
          Start date:10/12/2024
          Path:C:\Windows\System32\loaddll64.exe
          Wow64 process (32bit):false
          Commandline:loaddll64.exe "C:\Users\user\Desktop\vQu0zndLpi.dll"
          Imagebase:0x7ff6d5dd0000
          File size:165'888 bytes
          MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:1
          Start time:10:51:08
          Start date:10/12/2024
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff70f010000
          File size:862'208 bytes
          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:2
          Start time:10:51:08
          Start date:10/12/2024
          Path:C:\Windows\System32\cmd.exe
          Wow64 process (32bit):false
          Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1
          Imagebase:0x7ff669af0000
          File size:289'792 bytes
          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:3
          Start time:10:51:08
          Start date:10/12/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,xtart
          Imagebase:0x7ff70c010000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:4
          Start time:10:51:08
          Start date:10/12/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1
          Imagebase:0x7ff70c010000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:8
          Start time:10:51:09
          Start date:10/12/2024
          Path:C:\Windows\System32\WerFault.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\WerFault.exe -u -p 7552 -s 468
          Imagebase:0x7ff6858d0000
          File size:570'736 bytes
          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:10
          Start time:10:51:11
          Start date:10/12/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,start
          Imagebase:0x7ff70c010000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:false

          Target ID:11
          Start time:10:51:14
          Start date:10/12/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,DllWinMain
          Imagebase:0x7ff70c010000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:12
          Start time:10:51:17
          Start date:10/12/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",xtart
          Imagebase:0x7ff70c010000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:13
          Start time:10:51:18
          Start date:10/12/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",start
          Imagebase:0x7ff70c010000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:false

          Target ID:14
          Start time:10:51:18
          Start date:10/12/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",DllWinMain
          Imagebase:0x7ff70c010000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Has exited:true

          Target ID:15
          Start time:10:51:18
          Start date:10/12/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",UnInstall
          Imagebase:0x7ff70c010000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Has exited:true
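
The process records above are the raw material for a triage rule: every rundll32.exe launch targets the same DLL under C:\Users\user\Desktop and names a different export (#1, xtart, start, DllWinMain, UnInstall), and WerFault.exe is started for PID 7552. The following Python is an added example, not part of the report or of Joe Sandbox's own tooling: it parses records in the Key:Value form used above, flags rundll32 launches whose DLL lives outside system-managed directories, lists the exports that were invoked, and pulls the crashed PID out of the WerFault command line. The SAMPLE text is a constructed excerpt of the report's own records (Target IDs 0, 2, 3, 4, 8, 10), and the TRUSTED_DIRS list is this example's simplifying assumption, not a report field.

```python
"""Triage helper for Joe Sandbox process records (added example, not report code)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: blank-line separated Key:Value blocks copied from the report.
SAMPLE = """\
Target ID:0
Start time:10:51:08
Path:C:\\Windows\\System32\\loaddll64.exe
Commandline:loaddll64.exe "C:\\Users\\user\\Desktop\\vQu0zndLpi.dll"
Has exited:true

Target ID:2
Path:C:\\Windows\\System32\\cmd.exe
Commandline:cmd.exe /C rundll32.exe "C:\\Users\\user\\Desktop\\vQu0zndLpi.dll",#1
Has exited:true

Target ID:3
Path:C:\\Windows\\System32\\rundll32.exe
Commandline:rundll32.exe C:\\Users\\user\\Desktop\\vQu0zndLpi.dll,xtart
Has exited:true

Target ID:4
Path:C:\\Windows\\System32\\rundll32.exe
Commandline:rundll32.exe "C:\\Users\\user\\Desktop\\vQu0zndLpi.dll",#1
Has exited:true

Target ID:8
Path:C:\\Windows\\System32\\WerFault.exe
Commandline:C:\\Windows\\system32\\WerFault.exe -u -p 7552 -s 468
Has exited:true

Target ID:10
Path:C:\\Windows\\System32\\rundll32.exe
Commandline:rundll32.exe C:\\Users\\user\\Desktop\\vQu0zndLpi.dll,start
Has exited:false
"""

# rundll32 syntax is `rundll32.exe <dll>,<export>`; the DLL may be quoted and the
# export may be an ordinal written as #N.
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?([^",]+?)"?\s*,\s*(\S+)', re.IGNORECASE)
# WerFault receives the crashing process id as `-p <pid>`.
WERFAULT_RE = re.compile(r"WerFault\.exe\s+.*-p\s+(\d+)", re.IGNORECASE)
# Assumption of this example: DLLs under these prefixes are treated as system-managed.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_records(text: str) -> List[Dict[str, str]]:
    """Split the report's Key:Value blocks into dicts (split on the first colon only,
    so values such as C:\\... and 10:51:08 survive intact)."""
    records: List[Dict[str, str]] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec: Dict[str, str] = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records


def rundll32_target(cmdline: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export) if the command line invokes rundll32, else None."""
    m = RUNDLL_RE.search(cmdline)
    return (m.group(1), m.group(2)) if m else None


def outside_system_dirs(path: str) -> bool:
    return not path.lower().startswith(TRUSTED_DIRS)


def find_suspicious_rundll32(records: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(target_id, dll, export) for each rundll32.exe process whose DLL is not
    under a system-managed directory, e.g. a user's Desktop."""
    hits = []
    for rec in records:
        if not rec.get("Path", "").lower().endswith("\\rundll32.exe"):
            continue
        tgt = rundll32_target(rec.get("Commandline", ""))
        if tgt and outside_system_dirs(tgt[0]):
            hits.append((rec["Target ID"], tgt[0], tgt[1]))
    return hits


def exports_tried(records: List[Dict[str, str]]) -> List[str]:
    """Distinct export names/ordinals named in any rundll32 command line,
    including the one wrapped in cmd.exe /C."""
    names = {tgt[1] for rec in records
             if (tgt := rundll32_target(rec.get("Commandline", "")))}
    return sorted(names)


def crashed_pids(records: List[Dict[str, str]]) -> List[int]:
    """PIDs handed to WerFault.exe (-p), i.e. the processes that crashed."""
    return [int(m.group(1)) for rec in records
            if (m := WERFAULT_RE.search(rec.get("Commandline", "")))]


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for hit in find_suspicious_rundll32(recs):
        print("rundll32 from user-writable path:", hit)
    print("exports invoked:", exports_tried(recs))
    print("crashed pids:", crashed_pids(recs))
```

The export list is the useful pivot: Joe Sandbox launches each export of a submitted DLL in turn, so the unusual names (xtart, DllWinMain, UnInstall) come from the sample's own export table and are worth carrying into a hunt query as-is.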


            Execution Graph

            Execution Coverage:0.2%
            Dynamic/Decrypted Code Coverage:0%
            Signature Coverage:88.9%
            Total number of Nodes:9
            Total number of Limit Nodes:4
            execution_graph (rendered figure, omitted): entry block 7ff8e7df3be4 calls VirtualAlloc (7ff8e7df3bea), loops at 7ff8e7df3c40, calls VirtualAlloc again (7ff8e7df3d51) and then enters a cycle at 7ff8e7df3d6e through LoadLibraryA (7ff8e7df3f00) and GetProcAddressForCaller (7ff8e7df3f44) before exiting to 7ff8e7df3f68; _handle_error sits at 7ff8e7df41a0.
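
Read as an API sequence, the graph for the function at 7ff8e7df3be4 is VirtualAlloc, VirtualAlloc, then a cycle through LoadLibraryA and GetProcAddressForCaller: the shape of code that resolves imports by name at run time after reserving memory. The following Python is an added example, not part of the report or of Joe Sandbox: it parses the execution_graph node/edge listing that Joe Sandbox emits (node definitions as `<id> <hex address> [label]`, edges as `<id>-><id>`), then checks for an ordered API path and for APIs that sit on a cycle. The GRAPH string is the report's own listing for this function, copied verbatim; the pattern queries at the bottom are this example's.

```python
"""Ordered-API-path check over a Joe Sandbox execution_graph (added example)."""
from collections import defaultdict
from typing import Dict, List, Sequence, Set, Tuple

# Verbatim execution_graph listing from the report for the function at 7ff8e7df3be4.
GRAPH = (
    "execution_graph 45056 7ff8e7df3be4 45057 7ff8e7df3bea VirtualAlloc "
    "45056->45057 45065 7ff8e7df41a0 _handle_error 45056->45065 "
    "45059 7ff8e7df3c40 _handle_error 45057->45059 45059->45059 "
    "45060 7ff8e7df3d51 VirtualAlloc 45059->45060 "
    "45062 7ff8e7df3f68 _handle_error 45060->45062 "
    "45063 7ff8e7df3d6e _handle_error 45060->45063 "
    "45061 7ff8e7df3f00 LoadLibraryA 45061->45062 45061->45063 "
    "45063->45061 45063->45062 "
    "45064 7ff8e7df3f44 GetProcAddressForCaller 45063->45064 "
    "45064->45063 45065->45057"
)

Node = Tuple[str, str]  # (address, label); label is "" for an unlabeled block


def parse_execution_graph(text: str) -> Tuple[Dict[int, Node], List[Tuple[int, int]]]:
    """Tokenise the listing. Node ids are decimal; the address that follows an id
    always contains hex letters in this dump, so the next purely numeric token
    starts the next node. Anything else between them is the label."""
    tokens = text.split()
    if not tokens or tokens[0] != "execution_graph":
        raise ValueError("not an execution_graph listing")
    nodes: Dict[int, Node] = {}
    edges: List[Tuple[int, int]] = []
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if "->" in tok:
            src, dst = tok.split("->")
            edges.append((int(src), int(dst)))
            i += 1
            continue
        node_id, addr = int(tok), tokens[i + 1]
        i += 2
        label: List[str] = []
        while i < len(tokens) and not tokens[i].isdigit() and "->" not in tokens[i]:
            label.append(tokens[i])
            i += 1
        nodes[node_id] = (addr, " ".join(label))
    return nodes, edges


def _successors(edges: List[Tuple[int, int]]) -> Dict[int, Set[int]]:
    succ: Dict[int, Set[int]] = defaultdict(set)
    for src, dst in edges:
        succ[src].add(dst)
    return succ


def _reachable(succ: Dict[int, Set[int]], start: int) -> Set[int]:
    """Nodes reachable from start by at least one edge (start itself only on a cycle)."""
    seen: Set[int] = set()
    stack = [start]
    while stack:
        for nxt in succ[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def has_api_path(nodes: Dict[int, Node], edges: List[Tuple[int, int]],
                 sequence: Sequence[str]) -> bool:
    """True if some path visits blocks carrying the given labels in that order
    (unlabeled or other blocks may lie in between)."""
    if not sequence:
        return True
    succ = _successors(edges)

    def walk(node: int, remaining: Sequence[str]) -> bool:
        if not remaining:
            return True
        return any(walk(nxt, remaining[1:]) for nxt in _reachable(succ, node)
                   if nodes.get(nxt, ("", ""))[1] == remaining[0])

    return any(walk(n, sequence[1:]) for n, (_, lab) in nodes.items() if lab == sequence[0])


def loops_through(nodes: Dict[int, Node], edges: List[Tuple[int, int]], label: str) -> bool:
    """True if a block with this label lies on a cycle, i.e. the API is called repeatedly."""
    succ = _successors(edges)
    return any(n in _reachable(succ, n) for n, (_, lab) in nodes.items() if lab == label)


def api_labels(nodes: Dict[int, Node]) -> List[str]:
    return sorted({lab for _, lab in nodes.values() if lab})


if __name__ == "__main__":
    nodes, edges = parse_execution_graph(GRAPH)
    print(len(nodes), "nodes,", len(edges), "edges; APIs:", api_labels(nodes))
    resolver = ["VirtualAlloc", "VirtualAlloc", "LoadLibraryA", "GetProcAddressForCaller"]
    print("alloc-then-resolve path:", has_api_path(nodes, edges, resolver))
    print("GetProcAddress in a loop:", loops_through(nodes, edges, "GetProcAddressForCaller"))
```

Matching on the ordered path plus the cycle, rather than on the bare presence of GetProcAddress, is what separates an import-resolution loop from a single benign lookup; the node count the parser returns should equal the "Total number of Nodes" figure the report prints for the same graph.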

            Control-flow Graph

            control_flow_graph (rendered figure, omitted): function from 7ff8e7df2ff0 through 7ff8e7df3fe8; API calls VirtualAlloc (two sites), LoadLibraryA and GetProcAddressForCaller; subcalls to 7ff8e7df4140, 7ff8e7df41a0, 7ff8e7df3ff0, 7ff8e7df4020 and 7ff8e7df4000.
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID: $=$.$3$H&hL$OgMO$_*mC$e$k$l$r$y)5u
            • API String ID: 4275171209-280504472
            • Opcode ID: ee0c046724718ef865d8e4251b446f8becd4280be52b503d284323da46b589d7
            • Instruction ID: 4189e841347963fccbd7c832f646cbf182aa312fbd796fdd7d5df45ab68bdb1e
            • Opcode Fuzzy Hash: ee0c046724718ef865d8e4251b446f8becd4280be52b503d284323da46b589d7
            • Instruction Fuzzy Hash: 76D1FF32B092818AEB18CF65E4543BE7BA1FB85BC8F498235DE4E57B89DA3CD501C711

            Control-flow Graph

            control_flow_graph (rendered figure, omitted): function from 7ff8e7df3af0 through 7ff8e7df3fe8; API calls VirtualAlloc (two sites), LoadLibraryA and GetProcAddressForCaller; subcalls to 7ff8e7df4140, 7ff8e7df41a0, 7ff8e7df3ff0, 7ff8e7df4020 and 7ff8e7df4000.
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID: $=$.$3$H&hL$OgMO$_*mC$e$k$l$r$y)5u
            • API String ID: 4275171209-280504472
            • Opcode ID: 78d6874f3d14f96c59fd9a5633fcbe9d84fc910ba62e348fbfa17b918026231c
            • Instruction ID: c60734bd6851bf75b5a7e5ee3c3aaff6894df25e0f507b37a24156dc33c18918
            • Opcode Fuzzy Hash: 78d6874f3d14f96c59fd9a5633fcbe9d84fc910ba62e348fbfa17b918026231c
            • Instruction Fuzzy Hash: 199122227092818AEB18CF35E42437E7BA5FB89BC8F559135DE8E47B4ADA3CD505CB00

            Control-flow Graph

            control_flow_graph (rendered figure, omitted): function from 7ff8e7df3be4 through 7ff8e7df3fe8; API calls VirtualAlloc (two sites), LoadLibraryA and GetProcAddressForCaller; subcalls to 7ff8e7df41a0, 7ff8e7df3ff0, 7ff8e7df4020 and 7ff8e7df4000.
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AllocVirtual$AddressCallerLibraryLoadProc
            • String ID: H&hL
            • API String ID: 2360694132-2439674248
            • Opcode ID: 44eba2a5a35923633fa71ece8ceb0c200e7e8fe66f1bd006b510c8ebb3f49db2
            • Instruction ID: a7d82ec19491a7b67785af486b52f0b29c8934115bc76afb2678f9de299969ff
            • Opcode Fuzzy Hash: 44eba2a5a35923633fa71ece8ceb0c200e7e8fe66f1bd006b510c8ebb3f49db2
            • Instruction Fuzzy Hash: 7A71133270928146DF0DCB39E42537E7BA5FB48B89B499136CE8E57B4ADA3CD505C710

            Control-flow Graph

            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AddressCallerLibraryLoadProc
            • String ID:
            • API String ID: 4215043672-0
            • Opcode ID: d6f5452103803c5f2f3a319d01ce199cc0f0dfd00667f7ef54a4292edb0a6888
            • Instruction ID: 51ceaae5fad8069c4cfca149747a0b4b847786c78ef7bd1c2050fffc8da83c89
            • Opcode Fuzzy Hash: d6f5452103803c5f2f3a319d01ce199cc0f0dfd00667f7ef54a4292edb0a6888
            • Instruction Fuzzy Hash: C6413632B0965286EB69CB69E0403BE77A1EF44BC8F494631EE1D57789EA3CE841C711
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AddressProc$ErrorLast$_invalid_parameter_noinfo_noreturn$FreeLibrary$ExceptionFileHandleHeaderModuleRaise
            • String ID: AddExtraFilesToDump$ConvertOldConfigToNewConfig$DeleteDump$EnableBdch$FreeDumpResponse$GetAPIVersion$GetProcAddress failed$GetSettings$GetSettingsFromFile$ListDumps$ReleaseBdchSettings$SaveSettingsToFile$SetSettings$SetWerText$SignalHandler$SubmitDump$SyncSettings$UninitBdch$bdch.dll$common
            • API String ID: 907206834-249020477
            • Opcode ID: 9a4ee575f4863204540a75201041e596e6dfa383fe2d785bef0209c871762e64
            • Instruction ID: b315f6d403e493416aee2c4aff9c8bfec383f5f028952a074b75cae37e9b5df8
            • Opcode Fuzzy Hash: 9a4ee575f4863204540a75201041e596e6dfa383fe2d785bef0209c871762e64
            • Instruction Fuzzy Hash: 66922162F05B529AFB10CFA8E4802AC73B5EF54BC8B544235DE6E22A68EF3C9555C341
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CriticalSection$Leave$Enter$ObjectSingleWait$CurrentThread$ReleaseSemaphore
            • String ID:
            • API String ID: 2071811701-0
            • Opcode ID: 108c2fc571f0403c0ae4151bbae7192262587a6409f44ddc6cdfa21276470fbc
            • Instruction ID: 315acde58ec173f0ddb730d3c739cfc7475304707f8bc90d473058f32c8bf1a9
            • Opcode Fuzzy Hash: 108c2fc571f0403c0ae4151bbae7192262587a6409f44ddc6cdfa21276470fbc
            • Instruction Fuzzy Hash: 54322672B086428BFB64CFA9D58072D77A1FB44B84F180635DA6A87798DF3DE8418742
            APIs
              • Part of subcall function 00007FF8E7DF3E90: LoadLibraryA.KERNELBASE ref: 00007FF8E7DF3F07
              • Part of subcall function 00007FF8E7DF3E90: GetProcAddressForCaller.KERNELBASE ref: 00007FF8E7DF3F47
            • timeGetTime.WINMM(-> %s,win_fw_ownership::take_ownership_task,?,?,?,00007FF8E7D896E5), ref: 00007FF8E7D8A40A
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • timeGetTime.WINMM ref: 00007FF8E7D8AC56
            • timeGetTime.WINMM ref: 00007FF8E7D8AF00
            • CoCreateInstance.OLE32(?,?,?,00007FF8E7D896E5), ref: 00007FF8E7D8A537
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Timetime$_invalid_parameter_noinfo$AddressCallerCreateInstanceLibraryLoadProcSleep
            • String ID: -> %s$Could not get an instance of the firewall policy. Error: $Could not get the Windows Firewall status for domain networks. Error: $Could not get the Windows Firewall status for private networks. Error: $Could not get the Windows Firewall status for public networks. Error: $Could not set the Windows Firewall status for domain networks. Error: $Could not set the Windows Firewall status for private networks. Error: $Could not set the Windows Firewall status for public networks. Error: $Firewall already enabled for all network types.$Saving Windows Firewall status.$Skipped saving Windows Firewall status.$WinFwInitialStat$WinFwSetStat$win_fw_ownership::enable_win_fw$win_fw_ownership::get_last_set_win_fw_status$win_fw_ownership::save_win_fw_status$win_fw_ownership::take_ownership_task
            • API String ID: 3405590602-2346150944
            • Opcode ID: c9d3474bf6ef8fb08b123b90f418204d7a29d2e4ab44f3653ecfff32b753bfe8
            • Instruction ID: 1c5a0991eacb70911262b408a4f94928437cea6af32952f941b8e45b1a3e5943
            • Opcode Fuzzy Hash: c9d3474bf6ef8fb08b123b90f418204d7a29d2e4ab44f3653ecfff32b753bfe8
            • Instruction Fuzzy Hash: 49D23932A09B828AF720DFA4D8803ED37A4FB84798F440636DA6D57A99DF3CE545C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CloseHandle$ErrorLastSleep$CurrentEventFreeInfoLibraryOpenProcessSecurityThreadTimetime
            • String ID: $Command line: $DllWinMain$Invalid command line$check_security_event err=$crash in $crash_handler::check_intentional_crash$crash_handler::enable failed; err= $failed to start; err=$get_parent_process failed; err=$get_parent_process_id failed$invalid security event$nullptr$process::open failed$sync::wait failed; err=
            • API String ID: 3603222985-3427197465
            • Opcode ID: 563237c25084c9a6043af411bbddca3a9d9b7920bde20101074ee879aacb59ed
            • Instruction ID: 7d99a0093411dba39e39dd7fd2b29fd39ff014948619a76f2b38df4afc32d557
            • Opcode Fuzzy Hash: 563237c25084c9a6043af411bbddca3a9d9b7920bde20101074ee879aacb59ed
            • Instruction Fuzzy Hash: E6A23E32A0DBC296E670DB94E4803AEB3A0FBC4794F544635D6ED42A9ADF3CE544CB41

            Control-flow Graph

            control_flow_graph (rendered figure, omitted): function from 7ff8e7da0530 through 7ff8e7da0f4a; API call timeGetTime at entry; subcalls to 7ff8e7dfdfa8, 7ff8e7dfe08c, 7ff8e7d9c0a0, 7ff8e7d778e0, 7ff8e7d79020, 7ff8e7d78d10, 7ff8e7d79170, 7ff8e7d758a0, 7ff8e7d78760, 7ff8e7df0f94, 7ff8e7d78c20, 7ff8e7df2ff0, 7ff8e7d83390 and 7ff8e7db0440.
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DA0572
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
              • Part of subcall function 00007FF8E7D79170: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D7918A
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Sleep_invalid_parameter_noinfo$Timetime
            • String ID: is started by broker=$-> %s$0$bd.process.broker$bd.process.broker.channel.spawner$bd::process_broker::is_started_by_broker$from$is_started_by_broker$method$module$no bus$no channel=bd.process.broker.channel.spawner$no reply received$pid$pid=$process_broker$process_broker_client$result$version
            • API String ID: 2695549718-2130624740
            • Opcode ID: 2181f06927e0e029315d811f794b0f694f43ad20be1b47743ad7c3cd8498611b
            • Instruction ID: e425dc767f48a6498c2d1ad7215889d5cafad049733eee8dfac62703a71e92da
            • Opcode Fuzzy Hash: 2181f06927e0e029315d811f794b0f694f43ad20be1b47743ad7c3cd8498611b
            • Instruction Fuzzy Hash: D8526E32B09B868AEB10CFA4E8803AD37A0FB44B94F544236DAAD577A9DF3CD545C741

            Control-flow Graph

            • Executed
            • Not Executed
            [Control-flow graph of the function at 7ff8e7dc43e0 (basic blocks 7ff8e7dc43e0-7ff8e7dc4e23); the rendered graph's node and edge list is not reproduced in text]
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Sleep
            • String ID: Failed to get REGPATH_PRODUCT_COMMON$\wsc\restart\$common$count$failed; err = $get_plugin $get_reg_path failed; err=$get_restart_count_from_reg err=$old counter; reset restart counter$productinfo$reg path $reg path is empty; can't check restart metricts$reg::get_qword_value failed$wsc_communicator_launcher_plg::check_restart_metrics$wsc_communicator_launcher_plg::get_reg_path$wsc_communicator_launcher_plg::get_restart_metrics
            • API String ID: 3287135283-2481825956
            • Opcode ID: 781f7098daaf994b01750fdf8bd54cc10ebc5a048332789970be7ca32d62cd69
            • Instruction ID: 6125fea6bbba0ceac59704ab055c2958b631c6d1bb8e555a7b9484c023e55e38
            • Opcode Fuzzy Hash: 781f7098daaf994b01750fdf8bd54cc10ebc5a048332789970be7ca32d62cd69
            • Instruction Fuzzy Hash: 3F528032A09BC299EB619FA4D8843ED3760FB447D8F544335DAAD46AA9DF3CD285C301
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB5C95
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
              • Part of subcall function 00007FF8E7D78C20: timeGetTime.WINMM ref: 00007FF8E7D78C76
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time_invalid_parameter_noinfotime$Sleep
            • String ID: -> %s$. Running without it.$Could not get the IGAL plugin. Error: $Could not get the ProductInfo plugin. Error: $Could not get the Virus Shield plugin. Error: $Could not load the Update communication client. Error: $Could not load the WSC communication peer. Error: $igal$updatecommclient$vshieldal$wsc_collector::initialize_plugins$wsc_communication_peer
            • API String ID: 3401150693-223008801
            • Opcode ID: 28c551a79c954c6ad755007fe97e2b2e1776b123be57f46ff364dfea7ccb6018
            • Instruction ID: 700a39f73d7aea6961907d6df30036b90d7b3c7acb888e3d36c93a7463311f34
            • Opcode Fuzzy Hash: 28c551a79c954c6ad755007fe97e2b2e1776b123be57f46ff364dfea7ccb6018
            • Instruction Fuzzy Hash: 51C24C72A05BC289EB618FA4D8803ED3360FB44B98F544235DAAD47A9DEF3CD685C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time$ErrorFileLast$CloseHandleSystem$CreateSleep
            • String ID: A$Could not convert the file time to system time. Error: $Could not get the last write for the update file. Error: $CreateFile failed$\Plugins\Update.txt$scansp$wsc_collector::are_signatures_up_to_date
            • API String ID: 1276257713-2033635184
            • Opcode ID: 8791e2925a5d9e3e23cec115fc78c02f820b3884556fef06da0637167dbc0cf6
            • Instruction ID: a1bd5cecc50e90ad8302ea862773b2a86c4e282ffd2bfa5d9c7ba7f9fab98048
            • Opcode Fuzzy Hash: 8791e2925a5d9e3e23cec115fc78c02f820b3884556fef06da0637167dbc0cf6
            • Instruction Fuzzy Hash: 5C026072A09BC286EB608B94E4843AE73A4FB857A0F504335D7BD42AE9DF7CD445CB41
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Variant$Clear$InitSleepString
            • String ID: Could not delete the instance. Error: $Could not enumerate the WMI instances. Error: $Could not execute the WMI query. Error: $Could not get the GUID property. Error: $Could not get the path property. Error: $Found old instance GUID: $The GUID's type is not BSTR.$The instance path is not a BSTR.$__PATH$helpers::cleanup::clear_old_wsc_guids$helpers::cleanup::details::clear_old_wsc_guids_from_wmi$instanceGuid
            • API String ID: 4200116764-3864995593
            • Opcode ID: ae23b41b72b578f0be7289f4915bf3498807025939845a9aafd6b3116b25ee85
            • Instruction ID: cac6645f690c9b1f0fd2aaacbd727c7091b721bc296dd944cacf01b605f9615b
            • Opcode Fuzzy Hash: ae23b41b72b578f0be7289f4915bf3498807025939845a9aafd6b3116b25ee85
            • Instruction Fuzzy Hash: F6A23832A09BC289E760DFA4D8803ED37A0FB44798F544235DAAD5BAA9DF3CE544C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Create$InstanceVariant_invalid_parameter_noinfo$ArrayClearInitMtx_unlockSafeSleepTimetime
            • String ID: -> %s$Could not allocate memory for the SafeArray.$Could not get an instance of the Firewall product. Error: $Could not get the registered Firewall products. Error: $Could not set the Firewall display name. Error: $Could not set the rule categories. Error: $Registering failed with error 0x%x$win_fw_ownership::register_ownership$win_fw_ownership::take_ownership_task
            • API String ID: 3654207605-3596997424
            • Opcode ID: c719a2fc17f73a5c1013247dc480f164bffdc1377bccda627e9884006178e37c
            • Instruction ID: 01f364c7e91f6888a93c58cc886fea8a37251af3620648768013db7201941d03
            • Opcode Fuzzy Hash: c719a2fc17f73a5c1013247dc480f164bffdc1377bccda627e9884006178e37c
            • Instruction Fuzzy Hash: 34722832A09B828AF7619FA4D8803ED37A4FB44798F540235DAAD47BA9DF3CE544C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Timetime$Mtx_unlock_invalid_parameter_noinfo$Sleep
            • String ID: $ $-> %s$Antivirus$Could not get the Virus Shield settings. Error: $wsc_collector::OnCommunicationEstablished$wsc_collector::OnSettingsChanged$wsc_collector::OnSignatureInstalled
            • API String ID: 1155266476-1221500984
            • Opcode ID: 3cb3db4bbaf9c43e9a7a0cae9519ab9a39fda8cf2ad7019b5efdde453fb31a36
            • Instruction ID: ce0ecb575a2f465b01ad1afdb462fb67985dc5403a0250c666a75c26e241baf7
            • Opcode Fuzzy Hash: 3cb3db4bbaf9c43e9a7a0cae9519ab9a39fda8cf2ad7019b5efdde453fb31a36
            • Instruction Fuzzy Hash: D0424F72B08B8286E710DBA5E8403AE7360FB847A4F540236EBAD43B99DF3DE555C741
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID:
            • String ID: array$object$object key$object separator
            • API String ID: 0-2277530871
            • Opcode ID: 008b0625c3d1b28f1b65cb6b2ada3bafaa570eac885457e0a542ddb8ab17ca85
            • Instruction ID: f0674c82b2c219050b0f6ee3cd5bc3e03028441149d61b122453badcfe9ed303
            • Opcode Fuzzy Hash: 008b0625c3d1b28f1b65cb6b2ada3bafaa570eac885457e0a542ddb8ab17ca85
            • Instruction Fuzzy Hash: 8B228F22B18A8689EB20DFA5D8443ED2361FB457D8F404731DA6D4AADEDF7CE285C301
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$CreateInitializeInstanceMtx_unlockSleepTimeUninitializetime
            • String ID: -> %s$Could not get an instance of the firewall policy. Error: $Could not initialize COM. Error $Could not set the Windows Firewall status for domain networks. Error: $Could not set the Windows Firewall status for private networks. Error: $Could not set the Windows Firewall status for public networks. Error: $Ownership was not taken in advance. Exiting.$win_fw_ownership::restore_ownership_task$win_fw_ownership::take_ownership_task
            • API String ID: 2781143171-1643867041
            • Opcode ID: a9248da32e63535bdddb4c0f0e718c210ba0f25e3500d6db8d6a354708bd0332
            • Instruction ID: 40d3ea7c5cbad89cbfef9d0d056a83cc6e8e180fa6a7233fdc2887f8386fa409
            • Opcode Fuzzy Hash: a9248da32e63535bdddb4c0f0e718c210ba0f25e3500d6db8d6a354708bd0332
            • Instruction Fuzzy Hash: 96724A32A09B828AF720DFA4D8803ED37A4FB84799F540235DAAD57A99DF3CE541C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CreateStringUuid$CloseErrorEventFreeHandleLast
            • String ID: Local\$UuidCreate failed$UuidToString failed$create_security_event$event name
            • API String ID: 354563649-871040882
            • Opcode ID: 02c2bc4453da3b1fb5412d323f1400ec8fa032de20f78dbf26c1c788ace97e54
            • Instruction ID: c8d11c8d5e3762e5703459a460306a7994895e0259c16c7df73e6bb422e680c4
            • Opcode Fuzzy Hash: 02c2bc4453da3b1fb5412d323f1400ec8fa032de20f78dbf26c1c788ace97e54
            • Instruction Fuzzy Hash: BF126C22F18B8299EB10DFA4D8403AD2361FB547D8F544331EAAC56A9EEF3CE585C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
            • API String ID: 808467561-2761157908
            • Opcode ID: 3d91c6d0b746b0fcd54473a934b820777907149af494f91929977dbf4fda6ab7
            • Instruction ID: f44172a6e168ee85dd65d219aaa6458bc0b24b932a8cc45777a652148cb17f4c
            • Opcode Fuzzy Hash: 3d91c6d0b746b0fcd54473a934b820777907149af494f91929977dbf4fda6ab7
            • Instruction Fuzzy Hash: E0B2E272A183838BE7A58EA4D4417FC37A1FB45BC8F505135DA6E57B88DB3CAA01CB41
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Sleep
            • String ID: Failed to get REGPATH_PRODUCT_COMMON$\wsc\$common$failed; err = $get_plugin $get_reg_path failed; err=$productinfo$reg path $wsc_telemetry::get_wsc_reg_path
            • API String ID: 3287135283-2246909796
            • Opcode ID: b2739a428af6b0594d3b14e63e15c0d9be3eeca76a6a3e83bd742934fa19f4c8
            • Instruction ID: d323e8d70fe41d5d8967fba87369a88eefcfd50938d1fbe152b7fbc36171477b
            • Opcode Fuzzy Hash: b2739a428af6b0594d3b14e63e15c0d9be3eeca76a6a3e83bd742934fa19f4c8
            • Instruction Fuzzy Hash: FD526032A09BC289EB618F74D8843ED3760FB447A8F544335D6AD46AA9DF3CE684C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Path$FileLibraryLoad$AppendErrorLastModuleNameRelativeRemoveSpec
            • String ID: as_reporter::register_to_wsc$original$product_info$resname$xlf:body$xlf:file$xlf:source$xlf:target$xlf:trans-unit
            • API String ID: 3705667736-2681812635
            • Opcode ID: 7f4a291e29e44920ed743498ce31a962e9636ebac574fd949d59397ed88b159d
            • Instruction ID: 968b55782388c552657f9f45fa243d73da43941c093236a7b4caaa1501e1ce1d
            • Opcode Fuzzy Hash: 7f4a291e29e44920ed743498ce31a962e9636ebac574fd949d59397ed88b159d
            • Instruction Fuzzy Hash: D9325762B09A4285FB119F95D4803AD23A1FB44BE8F444336DA6E577E8EF3CE495C342
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CloseErrorHandleLast$OpenProcess$ImpersonateLoggedSleepTokenUser
            • String ID: Coudl not impersonate the process. Error $Could not open the process token. Error $Could not open the process. Error $helpers::impersonation::details::begin
            • API String ID: 3462865037-865500394
            • Opcode ID: f8f360c2ca2aa2271b876976111c115cc0d958f12e8fa007c91c7c4a5f34c78f
            • Instruction ID: 0b368602f6cdfab966e2c2369ea024bc6c5a0c2dbc7fd5f76c9b7c31cb07e8ea
            • Opcode Fuzzy Hash: f8f360c2ca2aa2271b876976111c115cc0d958f12e8fa007c91c7c4a5f34c78f
            • Instruction Fuzzy Hash: 73F18E72B09B829AE7208FA4D8803AD37A4FB447D4F440635DAAE477A9EF3CD540C741
            APIs
              • Part of subcall function 00007FF8E7DC63B0: AllocateAndInitializeSid.ADVAPI32 ref: 00007FF8E7DC641D
              • Part of subcall function 00007FF8E7DC63B0: GetLastError.KERNEL32 ref: 00007FF8E7DC642E
            • SetEntriesInAclW.ADVAPI32 ref: 00007FF8E7DC6CE2
              • Part of subcall function 00007FF8E7DF5DF0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E34
              • Part of subcall function 00007FF8E7DF5DF0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E7A
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AllocateEntriesErrorExceptionFileHeaderInitializeLastRaise
            • String ID: InitializeSecurityDescriptor failed$LocalAlloc failed$SetEntriesInAcl failed$SetSecurityDescriptorDacl failed$create_security_event
            • API String ID: 3643204505-1957490987
            • Opcode ID: dd606d6ea33e51c0226fb3ec32f06237e0110f7565ac49ee6450bb437f7965d4
            • Instruction ID: b5e474c0db542f35506e0ea7b0131243295efe5215346d83e2a5ecc07266cdd0
            • Opcode Fuzzy Hash: dd606d6ea33e51c0226fb3ec32f06237e0110f7565ac49ee6450bb437f7965d4
            • Instruction Fuzzy Hash: C3B19122E18B8296E710DBA4E4413BD7370FB98788F405235EADD12A59EF7CE295C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: \\.\PIPE\local\msgbus\wsccommunicator$cl.wsccommunicator.actions$iservconfig.dll$unordered_map/set too long$wsc$wsccommunicator
            • API String ID: 3668304517-3060933786
            • Opcode ID: 77a8db13d92faf5919e25ce158af2588152f4e61cf470220682b60c4aefa4383
            • Instruction ID: 168e7789b00ec28dbc71b693bcde003a55c7d7af6c3c4229a7c9ade1b818d85d
            • Opcode Fuzzy Hash: 77a8db13d92faf5919e25ce158af2588152f4e61cf470220682b60c4aefa4383
            • Instruction Fuzzy Hash: 7A328822B18B8699EB108FA5E4443AD3365FB44BD8F504332EBAD17A99EF3CE545C341
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ConditionMask$CloseCreateErrorEventHandleInfoLastVerifyVersion
            • String ID: create_event failed$create_security_event$event name $set_event failed
            • API String ID: 4098182476-3123728954
            • Opcode ID: eb57edee6bdb75806fbc704326dd3676b5ac3e00da072cbec6d2ed8889c7f96f
            • Instruction ID: ee00a6a4094d85fb5ec390762fdafad7a9afc3ba10b172f24f9d0d86a27490e7
            • Opcode Fuzzy Hash: eb57edee6bdb75806fbc704326dd3676b5ac3e00da072cbec6d2ed8889c7f96f
            • Instruction Fuzzy Hash: 65026E22B18B8295EB20CFA4E8407AD7760FB847D8F545335EAAC56A9DDF3CE185C701
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLast$CloseHandleProcess32$AddressCallerCreateCurrentFirstLibraryLoadNextProcProcessSnapshotToolhelp32
            • String ID: Process32First failed$processes_iterator::increment failed
            • API String ID: 2232280031-3103084010
            • Opcode ID: 0bb5b39c8bfb574f99bb00628e46c6cd92de2880485d825e002d19ccf19a5f5d
            • Instruction ID: b9da61b45b7826b674e8c4dfed5509fdac3544a268f6c374a33d4b911c9d59de
            • Opcode Fuzzy Hash: 0bb5b39c8bfb574f99bb00628e46c6cd92de2880485d825e002d19ccf19a5f5d
            • Instruction Fuzzy Hash: E4425E22E18BC582E611CB28D5012FD7760F7A9B98F55E321DF9C12666EF39E2D6C700
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB270D
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
              • Part of subcall function 00007FF8E7D79170: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D7918A
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7DB2E16
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Sleep_invalid_parameter_noinfo$Time_invalid_parameter_noinfo_noreturntime
            • String ID: -> %s$0$Could not get the communication bus.$Could not get the communication channel for actions.$Could not get the communication subscription for actions.$cl.vsserv.actions$wsc_command_communication_provider::initialize_communication
            • API String ID: 1372000958-44104646
            • Opcode ID: 3091c106b0fa1044cb689f7c780877ecc5dfdccf3e59f8b8ba25df72bd0ca39f
            • Instruction ID: d2993b0747bc65007ea85146be9219c58ed5bbb44e463969b79eacbbcaa9a8ee
            • Opcode Fuzzy Hash: 3091c106b0fa1044cb689f7c780877ecc5dfdccf3e59f8b8ba25df72bd0ca39f
            • Instruction Fuzzy Hash: E7225C32A09B828AEB219FA4D8803ED37A0FB85794F540635DBAD477A9DF3CE541C741
            APIs
              • Part of subcall function 00007FF8E7D9BFA0: GetModuleHandleW.KERNEL32 ref: 00007FF8E7D9BFC2
              • Part of subcall function 00007FF8E7D9BFA0: GetLastError.KERNEL32 ref: 00007FF8E7D9BFCD
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7DBBE7D
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorHandleLastModuleSleep_invalid_parameter_noinfo_noreturn
            • String ID: and bus $"$Could not add bus observer.$Could not get the communication bus for path $Could not get the communication channel.$cl.wsccommunicator.actions$nullptr$wsc_status_communication_peer::initialize_communication
            • API String ID: 324006007-979510685
            • Opcode ID: 211ff8ae994467acb9bfc455e482266fc9e6ea69c1f5302deae193688976201e
            • Instruction ID: c1429319339d1ccf287238d5f905fcf4efcb24ea73c936c4f4269e89f4fcee17
            • Opcode Fuzzy Hash: 211ff8ae994467acb9bfc455e482266fc9e6ea69c1f5302deae193688976201e
            • Instruction Fuzzy Hash: 51124C32A09B8299EB60DFA4E8803ED37A0FB84794F504235DAAD477A9DF3CE545C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLast$CodeExitObjectProcessSingleSleepWait
            • String ID: GetExitCodeProcess failed $get_exit_code failed; err=$sync::wait failed$wsc_communicator_launcher_plg::log_wsc_communicator_exit_code$wsccommunicator exit code=
            • API String ID: 1043660891-1830431259
            • Opcode ID: cdd646db7bf61e239641413bc6a71656aef3541698a17edffc492496c502d743
            • Instruction ID: fb1ce9084edde2a3cb07e74ac2689e753e2fa05d9a7542cb2aacef173f2b68aa
            • Opcode Fuzzy Hash: cdd646db7bf61e239641413bc6a71656aef3541698a17edffc492496c502d743
            • Instruction Fuzzy Hash: D5F17332A08B8299E720DF64D8403ED77A4FB857D4F540235EAAD47AA9EF3CE544C742
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Wait$Threadpool$Close$CallbacksSleep
            • String ID: default_tp::wait_for failed; err=$framework::enqueue_task failed; err $wsc_communicator_launcher_plg::wait_for_wsc_communicator$wsc_communicator_launcher_plg::wait_for_wsc_communicator::<lambda_690d2e9095e62d4d27fcb54db28dcf87>::operator ()
            • API String ID: 141806699-3628095209
            • Opcode ID: 2e0eee3eec8a6a913d0e9598271e0f9ed773db157d7f149c01d4c3cee6f65234
            • Instruction ID: 405c2774b5c88198a8806a2358dd61af94fb4ccadf8014a8d28ad02f0cc4c90b
            • Opcode Fuzzy Hash: 2e0eee3eec8a6a913d0e9598271e0f9ed773db157d7f149c01d4c3cee6f65234
            • Instruction Fuzzy Hash: 93023D32A09B8299EB11CFA4E8803AD77A4FB847D4F544235EAAD437A9DF3CD544C742
            APIs
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7DA39C1
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
              • Part of subcall function 00007FF8E7DA3B60: timeGetTime.WINMM ref: 00007FF8E7DA3B90
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: SleepTime_invalid_parameter_noinfo_noreturntime
            • String ID: $-> %s$No command line given.$wsc_command_communication_peer::process_command_line$wsc_command_communication_peer::update
            • API String ID: 793901584-2339749392
            • Opcode ID: cb0649358c915e1532cb199cc34696127b6a8273bc5b1d85e8efd3ca29c060fc
            • Instruction ID: b4863bf32328e7d0fbaa8ecba24f45d486a70b9cc31234d7729d2f6211fc7103
            • Opcode Fuzzy Hash: cb0649358c915e1532cb199cc34696127b6a8273bc5b1d85e8efd3ca29c060fc
            • Instruction Fuzzy Hash: E4C16E32B08B828AE7109BA4D4503AD73A2FB847E4F504636EAAD467E9DF7CE541C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLastNameTranslate$CodePageValid
            • String ID: utf8
            • API String ID: 2136749100-905460609
            • Opcode ID: dec2d562c6ac7200062f6b6d5e4b67fbb05c166858258c20e67950645513c59e
            • Instruction ID: 64d22a48804ab5d61877b9f49c9ae59032f23b758a7118e51a3b0809214b7783
            • Opcode Fuzzy Hash: dec2d562c6ac7200062f6b6d5e4b67fbb05c166858258c20e67950645513c59e
            • Instruction Fuzzy Hash: AA917B72A0878385EBA4EFA1D4423BD23A5AB84FC0F444131DAAD67786DF3DE551C702
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorFileLastWrite$ConsoleOutput
            • String ID:
            • API String ID: 1443284424-0
            • Opcode ID: 257132a9322851fb0deb8822e3e59290b65c2cc15c54d63f05e02c08143ff9da
            • Instruction ID: 627955445d7210a812be080b64a53fc3afc2c93978ccb99f781e621365ed6904
            • Opcode Fuzzy Hash: 257132a9322851fb0deb8822e3e59290b65c2cc15c54d63f05e02c08143ff9da
            • Instruction Fuzzy Hash: EBE10362B086828AE740CFA4D8412AD77B1FB44BC8F548136DFAE57B99DE3CD816C701
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Sleep
            • String ID: no event; acs reporter was previously launched successfully$no event; legacy reporter was successfully launched$reporter_type$was_last_reporter_legacy_signed err=$wsc_telemetry::should_post_launch_event
            • API String ID: 3472027048-2828353041
            • Opcode ID: 731fb0a7d5677233efd1a232cd7dfcfc28f7f827e317ae62892c56c01d8f83e9
            • Instruction ID: 5ec98e22e78f3ddfb366a723b3ec3fea0c761a9ec5d4528c4677393046636ead
            • Opcode Fuzzy Hash: 731fb0a7d5677233efd1a232cd7dfcfc28f7f827e317ae62892c56c01d8f83e9
            • Instruction Fuzzy Hash: 89125032A09BC289E761DFA4D8803ED37A4FB95398F540335DAAD46AA9DF3CE544C701
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: %
            • API String ID: 3668304517-2567322570
            • Opcode ID: 313953fc278976dd8f00d8b600abfc55176e1cf81721bd266acf7ed24a014219
            • Instruction ID: 0b3393062e589b1242f45968e0218f8a42bccc82d3306d89a8451972e905fd07
            • Opcode Fuzzy Hash: 313953fc278976dd8f00d8b600abfc55176e1cf81721bd266acf7ed24a014219
            • Instruction Fuzzy Hash: 8A122022B08AC58AFB298BA5D4503FD67A1EB487C8F048236DE6C17B8DDF3CD5558302
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: as_reporter::register_to_wsc$gfffffff
            • API String ID: 3215553584-3814610652
            • Opcode ID: 2798973fea7b8dacd20ae3b92fa8ebb75846db62b60c57644e3f22af6063f8e1
            • Instruction ID: 76a7724b8df0eedddc4c118ce36b0e16ff3e3ba4b62512f07032a8a75ca22b55
            • Opcode Fuzzy Hash: 2798973fea7b8dacd20ae3b92fa8ebb75846db62b60c57644e3f22af6063f8e1
            • Instruction Fuzzy Hash: C1911162B093C68AEB15CBA9D4107BD6B95EB92FC4F058032CEAD57785DE3DE502C702
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AllocateErrorInitializeLast
            • String ID: allocate_initialized_sid world sid failed
            • API String ID: 650103560-1214771766
            • Opcode ID: 27ee6a13ad4d00bcf9b0533b174d77050bcc6ed472551afb005b68510ed8a707
            • Instruction ID: e3c175a55c5d020b53cc922bfaa4ce5d501e79530ec677d991f3229896c01871
            • Opcode Fuzzy Hash: 27ee6a13ad4d00bcf9b0533b174d77050bcc6ed472551afb005b68510ed8a707
            • Instruction Fuzzy Hash: AE317C32A1CB81C6E3608F24E44176D73A4F798B84F555229EADC43B18DF3CE585CB40
            APIs
            • CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF8E7DCA4D2
            • GetLastError.KERNEL32 ref: 00007FF8E7DCA4E1
              • Part of subcall function 00007FF8E7DF5DF0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E34
              • Part of subcall function 00007FF8E7DF5DF0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E7A
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CreateErrorExceptionFileHeaderLastRaiseSnapshotToolhelp32
            • String ID: CreateToolhelp32Snapshot failed
            • API String ID: 2145101893-3319542737
            • Opcode ID: bbd869158f55333955de2d1d86978f4a165371d3e45981408354ec0f24e648ae
            • Instruction ID: dea4453366fc045d967bd70f6b8be49205e604d75fee69a849e282c43a568c3c
            • Opcode Fuzzy Hash: bbd869158f55333955de2d1d86978f4a165371d3e45981408354ec0f24e648ae
            • Instruction Fuzzy Hash: A3213032A28B8692D740CF54F4805ADB360FB947D0F505235FBAE02AA8DF3CD545CB01
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: InfoLocaletry_get_function
            • String ID: GetLocaleInfoEx
            • API String ID: 2200034068-2904428671
            • Opcode ID: cfc8c3811f721be62a342303cc07cc9773a432c1c0d5500baeb09ab1c772937f
            • Instruction ID: f66e38ec6fc72a8d793cb6482b9163982ca91a27fc6661a2ccc12fea4b57d177
            • Opcode Fuzzy Hash: cfc8c3811f721be62a342303cc07cc9773a432c1c0d5500baeb09ab1c772937f
            • Instruction Fuzzy Hash: E701AD24B08B8385E7049BA6F4426BEA260BF88FC0F584035DEAC07B69CF3CE511C741
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: SleepValue
            • String ID: get_last_status_from_reg err=$no event; status did not change $status$wsc_telemetry::should_post_status_event
            • API String ID: 1540188156-2234276386
            • Opcode ID: efda87f589d3a7626da3c5582d503825388260b7709476c3628ce1a79ad6e412
            • Instruction ID: a3f58b9b566622caa57a6c1d26e19e101277dbd7fee60f43dc221fc57ff1df83
            • Opcode Fuzzy Hash: efda87f589d3a7626da3c5582d503825388260b7709476c3628ce1a79ad6e412
            • Instruction Fuzzy Hash: 27C17032A09B8289E711DFA4D8803ED77A0FB84794F544336EAAD43AA9DF3CE554C741
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: memcpy_s
            • String ID:
            • API String ID: 1502251526-0
            • Opcode ID: eb9087705620f05042c34dfc2556d76d6eed7c1a18d44c8083b321096b5a3d76
            • Instruction ID: 2f1d7a9901955376179af12285c78eca958c28ec3e92973af210f8e1b5a41e03
            • Opcode Fuzzy Hash: eb9087705620f05042c34dfc2556d76d6eed7c1a18d44c8083b321096b5a3d76
            • Instruction Fuzzy Hash: 02C1C372B1828787EB34CF99E148B6EB791F795B88F448135DB9A43744DA3DE801DB40
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExceptionRaise_clrfp
            • String ID:
            • API String ID: 15204871-0
            • Opcode ID: 4483f8b8f71f5790b806942da9f00b40589a6ca46d61d7083b68b0c364927684
            • Instruction ID: 0c25a39b3d21b42a70235246c3433c7504978d699741cbb63c2beb89cc137755
            • Opcode Fuzzy Hash: 4483f8b8f71f5790b806942da9f00b40589a6ca46d61d7083b68b0c364927684
            • Instruction Fuzzy Hash: 82B14B73600B8A8BEB59CF69D88636C77A0F784F88F158921DAAD877A4CB3DD451C701
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Wcsftime$_invalid_parameter_noinfo
            • String ID:
            • API String ID: 4239037671-0
            • Opcode ID: 1fafaeaf9c7787aec460799da016924c121897d79fd4ee3cc5861c1151b3cd4a
            • Instruction ID: 7622d2137489d68d463f9b9b075733d4d3903f6c4ecc8f2fc51a9f602e918cb3
            • Opcode Fuzzy Hash: 1fafaeaf9c7787aec460799da016924c121897d79fd4ee3cc5861c1151b3cd4a
            • Instruction Fuzzy Hash: A381BD72A04A5286EB60CEA5C4913BD23A0FB85FD8F008636EEAE97795CF3CD151C741
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID:
            • String ID: $":
            • API String ID: 0-230526031
            • Opcode ID: cd813b11cd6d0fa46536a4103b3762bb317961ce0bd0c35d021b2dd0b4e14cfd
            • Instruction ID: f5808d24eacc70bc38701f9b4964fcb7946bd063f6c4277c309af8405eac0da3
            • Opcode Fuzzy Hash: cd813b11cd6d0fa46536a4103b3762bb317961ce0bd0c35d021b2dd0b4e14cfd
            • Instruction Fuzzy Hash: A8D11366708A8AD1EB10DF6AD0843AD7761FB88FC8F448126CB6E07769CFADD554C341
            APIs
              • Part of subcall function 00007FF8E7E0C8B4: GetLastError.KERNEL32 ref: 00007FF8E7E0C8C3
              • Part of subcall function 00007FF8E7E0C8B4: SetLastError.KERNEL32 ref: 00007FF8E7E0C961
            • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF8E7E1AB77,?,00000000,00000092,?,?,00000000,?,00007FF8E7E0E88D), ref: 00007FF8E7E1A426
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLast$EnumLocalesSystem
            • String ID:
            • API String ID: 2417226690-0
            • Opcode ID: 83f3779ca669aad0204b3d5fe1cc97e6a72dcf72a1798b3a6d8fe8124d55de5e
            • Instruction ID: 8826062f6b83d4c5796b261b4f2362cb63110745cb7d8bed5b65a7f3090c50e6
            • Opcode Fuzzy Hash: 83f3779ca669aad0204b3d5fe1cc97e6a72dcf72a1798b3a6d8fe8124d55de5e
            • Instruction Fuzzy Hash: C611CD63A186468AEB55CF6AD0413BC7BA0FB80FE0F448135DAA9532C0DE2CE9D1C741
            APIs
              • Part of subcall function 00007FF8E7E0C8B4: GetLastError.KERNEL32 ref: 00007FF8E7E0C8C3
              • Part of subcall function 00007FF8E7E0C8B4: SetLastError.KERNEL32 ref: 00007FF8E7E0C961
            • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF8E7E1AB33,?,00000000,00000092,?,?,00000000,?,00007FF8E7E0E88D), ref: 00007FF8E7E1A4D6
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLast$EnumLocalesSystem
            • String ID:
            • API String ID: 2417226690-0
            • Opcode ID: e23646fd2d227c76cbfce6104d9aead9322adb2579794ff5793e667d0a82b129
            • Instruction ID: 50c29f9c21fc91df634a04f7af07c701d062fc78647200cf209258375fb5d4b0
            • Opcode Fuzzy Hash: e23646fd2d227c76cbfce6104d9aead9322adb2579794ff5793e667d0a82b129
            • Instruction Fuzzy Hash: 1201B572E0828386E7618B95E4457BD76A1EB40FE4F458231D6BD576D4CF7CA4818701
            APIs
            • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF8E7E10B0D,?,?,?,?,?,?,?,?,00000000,00007FF8E7E199CC), ref: 00007FF8E7E10707
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: EnumLocalesSystem
            • String ID:
            • API String ID: 2099609381-0
            • Opcode ID: eeaf9a03c15e4adcec5978c7806dfe8be6071808b549b761d238188506e30799
            • Instruction ID: 66e17d89a3c6d3cb58f65b0a31f90495f1ecf4fdb78a5d33e7db85b2ac9aa13c
            • Opcode Fuzzy Hash: eeaf9a03c15e4adcec5978c7806dfe8be6071808b549b761d238188506e30799
            • Instruction Fuzzy Hash: 06F01972B18B4682E644DBA5F8506AD2362FB99BC4F448135EAAD83765CF3CE4508741
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: as_reporter::register_to_wsc
            • API String ID: 3215553584-929089643
            • Opcode ID: 912d4b4789743c3ca43e96574a5cdafd5431de6c1ae656ae234e9b32b3465c11
            • Instruction ID: 21505a3b507a5cd21b4f736d0006157df1b4d65c1280f7524e2e10287181741b
            • Opcode Fuzzy Hash: 912d4b4789743c3ca43e96574a5cdafd5431de6c1ae656ae234e9b32b3465c11
            • Instruction Fuzzy Hash: 5881E425B1C20346EBAC9A99C0007BD2290EF447C4F846336DDAD5729DDF2DE866D747
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: 0
            • API String ID: 3215553584-4108050209
            • Opcode ID: ace04daab76ddb82c2a322ab16e9a1e91c8ae4a7e051475dad2933368f00b410
            • Instruction ID: 70a914abacdf5baa617315bd46f89bb5968088a4c9933082c720c02e7e88a193
            • Opcode Fuzzy Hash: ace04daab76ddb82c2a322ab16e9a1e91c8ae4a7e051475dad2933368f00b410
            • Instruction Fuzzy Hash: 4661E012B0C64646FA6CAAA9D0003BE63929B41BC4F440731DDAD177DECE2DF8679747
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLastNameTranslatetry_get_function$CodePageValid_invalid_parameter_noinfo
            • String ID:
            • API String ID: 3827717455-0
            • Opcode ID: 8c5c8449dca8e6266ba19c0bb8fb56d6522d5fc2d1a1a5718314e3a75ee23f60
            • Instruction ID: 7828152f6c0f1cf06345ec6a756f09d3a01984f3a171a6c47f41ffb471caafe0
            • Opcode Fuzzy Hash: 8c5c8449dca8e6266ba19c0bb8fb56d6522d5fc2d1a1a5718314e3a75ee23f60
            • Instruction Fuzzy Hash: 56C1D266A0868385EB64ABA1D4107BE27A0FF85FC8F444135DEEE87698DF3CE544C702
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 93530646df29749afa91e61df2abb8bc8a6fb3876a88a40663f3942d3b996256
            • Instruction ID: d9abf2a8574273c53a393f89934ab9e4685bc42bfc49f430d232be1f145427f1
            • Opcode Fuzzy Hash: 93530646df29749afa91e61df2abb8bc8a6fb3876a88a40663f3942d3b996256
            • Instruction Fuzzy Hash: 2551E3A3B0568443DB248B49F84279AF7A5FB987C5F00A126EE8D57B68EB3CD5918700
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorFreeHeapLast
            • String ID:
            • API String ID: 485612231-0
            • Opcode ID: 8c719e120d0d9f96c7e5f727cc9448642e9569033ba7c8cba27f664e72df5945
            • Instruction ID: 408a5e9bf2e95d0f2923981cf8f2431351bc90b10aea672141805166c6e7eefe
            • Opcode Fuzzy Hash: 8c719e120d0d9f96c7e5f727cc9448642e9569033ba7c8cba27f664e72df5945
            • Instruction Fuzzy Hash: E5410622724A5985EF44CFA6D92567D7391F749FD4B089432EE9D87B58DF3CD0028300

            Control-flow Graph (rendered as an image in the original; not reproduced here)
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AddressProc$Module$FileHandleLibraryLoadName_invalid_parameter_noinfo
            • String ID: LogApplySettings$LogEnable$LogGetLevel$LogInit$LogIsEnabled$LogMonitorSettings$LogRemoveModule$LogSetDepth$LogSetLevel$LogSetMaxSize$LogSetMode$LogSetPath$LogSetSettingsFile$LogSetType$LogTrackEvent$LogTrackEventData$LogUninitDeskMetrics$LogWrite$\log.dll$log.dll
            • API String ID: 1615345808-1639299978
            • Opcode ID: dd354fb9f4bb87fb8811e6debc5b2c748d1c3fbd3bd6cf9279ac7fd97c967d97
            • Instruction ID: 50af5641125c7993a73a82d09cb6f1917f61fc4f879d899ecb72f0a9be53cf9f
            • Opcode Fuzzy Hash: dd354fb9f4bb87fb8811e6debc5b2c748d1c3fbd3bd6cf9279ac7fd97c967d97
            • Instruction Fuzzy Hash: 1281D476A09F4791EB409FA5E88432C33A5FB48F88B585239DA9D87328EF7DD455C302
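The record above pairs LoadLibrary/GetProcAddress-style API IDs (AddressProc, LibraryLoad) with the strings `\log.dll`, `log.dll` and eighteen Log* names, which is what a function that resolves a helper DLL's exports by name at run time looks like in this report format. The Python script below is an added example for this page, not code from the Joe Sandbox report or from the analysed sample: it parses these Memory Dump Source / Similarity records, splits the `$`-joined API and String IDs, flags records that combine loader API IDs with `.dll` strings and lists the remaining strings as candidate export names, indexes functions by string, and decodes the `.sdmp` file name. Two things in it are assumptions rather than facts stated on the page: that the fourth and fifth dot-separated fields of the dump name are the region's base address and a PAGE_* protection value (the values here, 0x20 on the code region at 7FF8E7D71000 and 0x02/0x04/0x08 on the header and data regions, fit that reading), and the loader-token heuristic itself. The embedded SAMPLE is a constructed excerpt that mirrors this record and the wsc_telemetry record near the top of this section.

```python
"""Triage helper for Joe Sandbox function-similarity records.

Added example for this page; not code from the Joe Sandbox report nor from
the analysed sample.  It parses the "Memory Dump Source" / "Similarity"
blocks, splits the '$'-joined API and String IDs, flags functions that pair
LoadLibrary/GetProcAddress-style API IDs with .dll strings (dynamic import
resolution, as in the log.dll record) and decodes the .sdmp file name.
"""
import re
from collections import defaultdict

# Constructed excerpt mirroring two records on this page (the log.dll loader
# and the wsc_telemetry status check).  Field lines keep the report's bullet.
SAMPLE = """\
Strings
Memory Dump Source
• Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
Similarity
• API ID: AddressProc$Module$FileHandleLibraryLoadName_invalid_parameter_noinfo
• String ID: LogApplySettings$LogEnable$LogInit$LogWrite$\\log.dll$log.dll
• API String ID: 1615345808-1639299978
• Opcode ID: dd354fb9f4bb87fb8811e6debc5b2c748d1c3fbd3bd6cf9279ac7fd97c967d97
• Instruction Fuzzy Hash: 1281D476A09F4791EB409FA5E88432C33A5FB48F88B585239DA9D87328EF7DD455C302
APIs
Memory Dump Source
• Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
Similarity
• API ID: SleepValue
• String ID: get_last_status_from_reg err=$no event; status did not change $status$wsc_telemetry::should_post_status_event
• API String ID: 1540188156-2234276386
• Opcode ID: efda87f589d3a7626da3c5582d503825388260b7709476c3628ce1a79ad6e412
• Instruction Fuzzy Hash: 27C17032A09B8289E711DFA4D8803ED77A0FB84794F544336EAAD43AA9DF3CE554C741
"""

FIELD = re.compile(
    r"^•\s*(Source File|API ID|String ID|API String ID|Opcode ID|"
    r"Instruction ID|Opcode Fuzzy Hash|Instruction Fuzzy Hash):\s*(.*)$"
)

# Windows PAGE_* protection constants (winnt.h), used to read field 5 of the
# dump name.  ASSUMPTION: the field layout is not documented on this page; the
# values seen here (0x20 on the code region, 0x02/0x04/0x08 on header and data
# regions) are consistent with this reading.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}

# Heuristic (assumption): API IDs are word-sorted API names, so LoadLibrary*
# shows up as "LibraryLoad" and GetProcAddress as "AddressProc".
LOADER_TOKENS = ("LibraryLoad", "AddressProc")


def split_ids(value):
    """Joe Sandbox joins a function's API names / strings with '$'."""
    return [t for t in value.split("$") if t.strip()]


def parse_records(text):
    """One dict per function: Source File fields plus the Similarity fields.
    A record is closed by its Instruction Fuzzy Hash line (the last field)."""
    records, cur = [], {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Source File":
            dump, _, rest = value.partition(", Offset: ")
            cur["source"] = dump
            cur["module_base"] = int(rest.split(",")[0], 16)
            continue
        cur[key] = value
        if key == "Instruction Fuzzy Hash":
            records.append(cur)
            cur = {}
    return records


def decode_dump_name(name):
    """Split '<a>.<b>.<c>.<base>.<prot>.<d>.<type>.<e>.sdmp' into its fields.
    Only base address and protection are interpreted (see ASSUMPTION above)."""
    stem = name[:-5] if name.endswith(".sdmp") else name
    parts = stem.split(".")
    if len(parts) != 8:
        raise ValueError(f"unexpected dump name: {name}")
    prot = int(parts[4], 16)
    return {
        "fields": parts,
        "region_base": int(parts[3], 16),
        "protection": PAGE_PROTECT.get(prot, f"0x{prot:x}"),
    }


def dynamic_import_sites(records):
    """Functions pairing loader API IDs with .dll strings; the other strings
    in such a record are candidate export names handed to GetProcAddress."""
    hits = []
    for r in records:
        apis = split_ids(r.get("API ID", ""))
        strings = split_ids(r.get("String ID", ""))
        dlls = sorted({s for s in strings if s.lower().endswith(".dll")})
        uses_loader = any(tok in api for api in apis for tok in LOADER_TOKENS)
        if uses_loader and dlls:
            hits.append({
                "opcode_id": r["Opcode ID"],
                "dlls": dlls,
                "candidate_exports": [s for s in strings if s not in dlls],
            })
    return hits


def functions_with_string(records, needle):
    """Sorted Opcode IDs of functions whose String ID list contains needle."""
    index = defaultdict(list)
    for r in records:
        for s in split_ids(r.get("String ID", "")):
            index[s].append(r["Opcode ID"])
    return sorted({oid for s, oids in index.items() if needle in s for oid in oids})


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(decode_dump_name(recs[0]["source"]))
    for hit in dynamic_import_sites(recs):
        print(hit["dlls"], hit["candidate_exports"])
    print(functions_with_string(recs, "wsc_telemetry"))
```

Match on tokens rather than on raw API names: the records on this page list EnumSystemLocalesW under the API ID EnumLocalesSystem and GetLastError under ErrorLast, so the ID appears to be built from the name's words in alphabetical order with the Get prefix and the W suffix dropped. Which directory the `log.dll` load actually resolves to is not shown on this page; check the sandbox's file-access events before treating a bare-name load as a search-order problem.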
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: object key$object separator
            • API String ID: 3668304517-2279923633
            • Opcode ID: 0160c675e81242f2c52e0f0eb889d2c93e3da8b7d016cb9cc27a39eaa72dfcad
            • Instruction ID: deb6e28b40b796e6e8ac495b89cf3169f834a3481f4f28bb8c765cb505e4b1af
            • Opcode Fuzzy Hash: 0160c675e81242f2c52e0f0eb889d2c93e3da8b7d016cb9cc27a39eaa72dfcad
            • Instruction Fuzzy Hash: E602AA22B18A868AEA24DFA4D4453FD2361FB457D8F404731DAAD47A9EEF7CE141C302

            Control-flow Graph: function at 7ff8e7daa6f7 (rendered as an image in the original with executed / not-executed block colouring, not reproduced here; the serialized graph covers basic blocks from 7ff8e7daa6f7 to 7ff8e7dabaf5 with calls into 7ff8e7df51e4, 7ff8e7df3010, 7ff8e7df9c5c, 7ff8e7da6cd0 and 7ff8e7dae1b0, among others)
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID:
            • String ID: number overflow parsing '
            • API String ID: 0-3802681121
            • Opcode ID: 54b3be6625f04ec752b467e8b854f378ae8b6a7a8675f75cbdc24899f31a567d
            • Instruction ID: eca08e928c421e5a40a13741702baf6e38cbb3271e7a6ba6e192bfe7b6798095
            • Opcode Fuzzy Hash: 54b3be6625f04ec752b467e8b854f378ae8b6a7a8675f75cbdc24899f31a567d
            • Instruction Fuzzy Hash: 57C19E63B186868AEA14AFA5C4553FD2351FF45BD4F404B32DA7D47ACEEE6CE181C202

            Control-flow Graph (rendered as an image in the original; not reproduced here)
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
            • String ID: value
            • API String ID: 1346393832-494360628
            • Opcode ID: bd01e95eced0215074c59f1b9a029d42b153e2b2afbcf9a5d0ff2bb183a3a8f1
            • Instruction ID: 62dd5c85d5e9e1b2eca33099e1f7e1bb86a2403850501169ab12800dea1ffaed
            • Opcode Fuzzy Hash: bd01e95eced0215074c59f1b9a029d42b153e2b2afbcf9a5d0ff2bb183a3a8f1
            • Instruction Fuzzy Hash: FD61C223B5868649EA25AFA4D8553FE2391EF453E4F405B31D77C466CFDE2CE181C601

            Control-flow Graph (rendered as an image in the original; not reproduced here)
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: $ $ $-> %s$.exe$bd.process.broker$bd::process_broker::client::this_process_should_be_started_by_broker$desktop$error$error configuring msgbus builders$error converting cmdline from utf16 to utf8$error getting bus$error getting channel$error getting filename$error parsing cmdline$params$pid$process broker is not running.$settings$task
            • API String ID: 3668304517-2705530747
            • Opcode ID: 0675d6e4eb7ae98188734bec846530fe100898e31fa459e7f14c64a6e8a43d05
            • Instruction ID: 0d35f55ec584f099b7fca93861dec43bb1fd286ffc2ce8708484ff329ff0b4c3
            • Opcode Fuzzy Hash: 0675d6e4eb7ae98188734bec846530fe100898e31fa459e7f14c64a6e8a43d05
            • Instruction Fuzzy Hash: 0041A022B1C68285EE14ABA4E4553BE6361FF847D0F504B31E6BD466EEDF6CE0408706

            APIs
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E1112F
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E1114E
              • Part of subcall function 00007FF8E7E10734: GetProcAddress.KERNEL32(?,?,FFFFFFFF,00007FF8E7E10C26,?,?,0000E2F960481788,00007FF8E7E0CA7A,?,?,0000E2F960481788,00007FF8E7DFE9AD), ref: 00007FF8E7E1088C
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E1116D
              • Part of subcall function 00007FF8E7E10734: LoadLibraryExW.KERNEL32(?,?,FFFFFFFF,00007FF8E7E10C26,?,?,0000E2F960481788,00007FF8E7E0CA7A,?,?,0000E2F960481788,00007FF8E7DFE9AD), ref: 00007FF8E7E107D7
              • Part of subcall function 00007FF8E7E10734: GetLastError.KERNEL32(?,?,FFFFFFFF,00007FF8E7E10C26,?,?,0000E2F960481788,00007FF8E7E0CA7A,?,?,0000E2F960481788,00007FF8E7DFE9AD), ref: 00007FF8E7E107E5
              • Part of subcall function 00007FF8E7E10734: LoadLibraryExW.KERNEL32(?,?,FFFFFFFF,00007FF8E7E10C26,?,?,0000E2F960481788,00007FF8E7E0CA7A,?,?,0000E2F960481788,00007FF8E7DFE9AD), ref: 00007FF8E7E10827
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E1118C
              • Part of subcall function 00007FF8E7E10734: FreeLibrary.KERNEL32(?,?,FFFFFFFF,00007FF8E7E10C26,?,?,0000E2F960481788,00007FF8E7E0CA7A,?,?,0000E2F960481788,00007FF8E7DFE9AD), ref: 00007FF8E7E10860
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E111AB
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E111CA
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E111E9
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E11208
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E11227
            • try_get_function.LIBVCRUNTIME ref: 00007FF8E7E11246
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
            • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
            • API String ID: 3255926029-3252031757
            • Opcode ID: fef386772ac757913ea159840149b1bcdd51d7f778568774226ed40a49d65bca
            • Instruction ID: 519b256ef7a1ddc01c4b125321960c6751a671b5600a6f0f42bc4d7e5f463aeb
            • Opcode Fuzzy Hash: fef386772ac757913ea159840149b1bcdd51d7f778568774226ed40a49d65bca
            • Instruction Fuzzy Hash: EE317464909A8BA5F648EBD0E8517FC2322AF06FD4F801433D1BD5A1A5CF7CA659C742

            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CommandLine_invalid_parameter_noinfo$ArgvTimetime
            • String ID: bd.process.broker$bd.process.broker.channel.spawner$bd::process_broker::client::spawn_process_in_desktop$bd::process_broker::client::spawn_process_with_current_params$error$from$method$module$no reply$params$pid$process_broker$process_broker_client$spawn$task$version
            • API String ID: 827290549-3244699996
            • Opcode ID: 4923fe0b6e2c9ee17a4e2e9b2fa562de12de03fa93b65a2c0ad9d480a309e082
            • Instruction ID: faf5f27c5c58d8e0a9a4f85f9f67bb37a9f18cf611674ac2f62c4eec06639372
            • Opcode Fuzzy Hash: 4923fe0b6e2c9ee17a4e2e9b2fa562de12de03fa93b65a2c0ad9d480a309e082
            • Instruction Fuzzy Hash: C5419272A08B8299E7209FA1E8407ED73A4FB44BD4F504235EAAC47B99DF7CE645C341

            Control-flow Graph (graph image not extracted; its legend distinguished executed from not-executed blocks). Recoverable call sequence for the function starting at 7ff8e7dce170: SHGetKnownFolderPath, with the returned path released by CoTaskMemFree; LoadLibraryW, with a GetLastError branch and a FreeLibrary block; then two GetProcAddress lookups, each with its own GetLastError branch. Together with the String ID below (WscRegisterForChanges, WscUnRegisterChanges, wscapi.dll) this is the function that resolves the Windows Security Center (wscapi.dll) entry points at runtime.
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$ErrorFreeLast$AddressLibraryProcTask$FolderKnownLoadPath
            • String ID: WscRegisterForChanges$WscUnRegisterChanges$wscapi.dll
            • API String ID: 3703913738-3196563575
            • Opcode ID: 69cf77908e0306ff12f8ca091471fce32200b4c850e4cbef9737b7e36c8bff3e
            • Instruction ID: 108296e6466c47bd4aa0c8371a50165f1744800fbd07a0feab60e358fc7fa4f7
            • Opcode Fuzzy Hash: 69cf77908e0306ff12f8ca091471fce32200b4c850e4cbef9737b7e36c8bff3e
            • Instruction Fuzzy Hash: EAB17CA2F18A429AFB009BE4D4443AC6376AB487D8F005731DEAC26A9DEF7CE145C351
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$String$AllocFreeSleep
            • String ID: -> %s$Failed to get xliff reader$IDS_FW_TITLE$SZ_PRODUCT_NAME$product_info$win_fw_ownership::set_fw_display_name$wsc
            • API String ID: 3663937487-751033612
            • Opcode ID: 3e1d0280b6c7b007f1d48e2e53eba1119cfd91281e1d384c7fde7d584a89da7c
            • Instruction ID: 87af4c74597da1e5d8a966aee87016a47dc028d50b451948acb47a9641bca7ff
            • Opcode Fuzzy Hash: 3e1d0280b6c7b007f1d48e2e53eba1119cfd91281e1d384c7fde7d584a89da7c
            • Instruction Fuzzy Hash: F6024E32B19BC681EA209B54E4843AE73A5FB847E4F404735DAAD43BA9DF3CE055CB01
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Library$Free$ErrorLast$AddressLoadProc$_invalid_parameter_noinfo_noreturn
            • String ID: BdCreateObject$BdDestroyObject$productinfo
            • API String ID: 532591974-603925719
            • Opcode ID: e5a8c608babae976017785d1226202bf817aa816162ce2520039809b57b8e4fc
            • Instruction ID: 81be62047446e494a53ebb5df4c68fef085fd0d8d92351982cde8024b4252382
            • Opcode Fuzzy Hash: e5a8c608babae976017785d1226202bf817aa816162ce2520039809b57b8e4fc
            • Instruction Fuzzy Hash: 70C13676B09B4289EB04CFA5E8443AD33B5BB48BD8B018535DEAD17798EE3CD019D345
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Path$AddressFileLibraryLoadProc$AppendErrorLastModuleNameRelativeRemoveSpec
            • String ID: BdCreateObject$BdDestroyObject$IServConfig.dll$productinfo
            • API String ID: 2857617921-3834769276
            • Opcode ID: 3376cacea87977b6839657724d97d17e7ec525bcb5a8be468a83449069eef622
            • Instruction ID: 7754f4ddff6abed9d7d5e6dc89448438074a804be030d5a9fd23bb38bd6516e8
            • Opcode Fuzzy Hash: 3376cacea87977b6839657724d97d17e7ec525bcb5a8be468a83449069eef622
            • Instruction Fuzzy Hash: C1511962B19B8392FB518B95E89436D63A0FF88BC4F444231DAAD43768EF3CE559C701
            APIs
            • GetFileAttributesExW.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF8E7DA2725), ref: 00007FF8E7DF2199
            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF8E7DA2725), ref: 00007FF8E7DF21A3
            • __std_fs_open_handle.LIBCPMT ref: 00007FF8E7DF21FF
            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF8E7DA2725), ref: 00007FF8E7DF2214
            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF8E7DA2725), ref: 00007FF8E7DF2370
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CloseHandle$AttributesErrorFileLast__std_fs_open_handle
            • String ID:
            • API String ID: 1051874144-0
            • Opcode ID: da79eb5c1ec006bc21afa9729c7a879b907b502b4cc47840c3f8cd540b99527c
            • Instruction ID: 20336a9a33f7b17c886d4465388e5d9c44482bdd0410be9bda92e65c1a71db95
            • Opcode Fuzzy Hash: da79eb5c1ec006bc21afa9729c7a879b907b502b4cc47840c3f8cd540b99527c
            • Instruction Fuzzy Hash: D4817F62B0CA4386F7688BE5E81477D22A0AF45BE4F180734DE7D876D8DF2CF9458212
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$ErrorFileLastModuleName
            • String ID: \\.\PIPE\local\msgbus\$pipe_name$settings\process_broker.json
            • API String ID: 1728480589-2130054303
            • Opcode ID: f4b0b1fe396a97edd32a0533234a2f1cd1b1985e088d33391aaa2982a03cbf11
            • Instruction ID: f0c58d845eaa6c0ad6a44f6f114f7fd78e720cdca88d44ed520a14db2b546442
            • Opcode Fuzzy Hash: f4b0b1fe396a97edd32a0533234a2f1cd1b1985e088d33391aaa2982a03cbf11
            • Instruction Fuzzy Hash: BF126C72B18BC691EA219B94E4543AEA361FB89BD4F409731DAAD03ADDDFBCD140C701
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CloseHandle$ArgvCommandErrorFreeLastLineLocal
            • String ID: Failed to get mandatory arguments from cmdline$cmdline::get_arguments$cmdline_to_argv err=$invalid array position$invalid stoll argument$stoll argument out of range
            • API String ID: 1158548729-1681656909
            • Opcode ID: 2aa87064f5655012c9e2a89aff775a6bea827069b4959790a7b5a2ad391bd6cf
            • Instruction ID: ddf2725473cec4bb89552f32c320ecf8f5fe164fdeb368c4f5dac951e9272bdb
            • Opcode Fuzzy Hash: 2aa87064f5655012c9e2a89aff775a6bea827069b4959790a7b5a2ad391bd6cf
            • Instruction Fuzzy Hash: 9CE1AE32B09B8285EB218BA4E4803BD73A4FB84794F544631DBAD477A9EF3CE545C742
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: String$AllocFree_invalid_parameter_noinfo_invalid_parameter_noinfo_noreturn$SleepTimetime
            • String ID: $-> %s$Could not register the FW. Error $IDS_FW_TITLE$fw_reporter::register_to_wsc
            • API String ID: 2952592024-3007436920
            • Opcode ID: 3f54c649f8fcfa5c4f86e6c7d27bab7be760ed0eea7eba6aee5632726ddef843
            • Instruction ID: d60ba305b7912eaf418ae033dea4ddbcbdd370fbfcdc3cf15546fd8806c47ad1
            • Opcode Fuzzy Hash: 3f54c649f8fcfa5c4f86e6c7d27bab7be760ed0eea7eba6aee5632726ddef843
            • Instruction Fuzzy Hash: 78D16032B09B8286EB109BA4E8443AD7364FB857E4F504635EEAD47BA9DF3CE540C741
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: String$AllocFree_invalid_parameter_noinfo_invalid_parameter_noinfo_noreturn$SleepTimetime
            • String ID: $-> %s$Could not register the AS. Error $IDS_AS_TITLE$as_reporter::register_to_wsc
            • API String ID: 2952592024-2187673994
            • Opcode ID: 5aa622e8a7a953f584fbafc8961ad85c677f024204e564b65aff03ef48bad928
            • Instruction ID: 2b716dca9d12dfba7db259575ae6c5c593f23d2553466ebd3fa1236e12e7da79
            • Opcode Fuzzy Hash: 5aa622e8a7a953f584fbafc8961ad85c677f024204e564b65aff03ef48bad928
            • Instruction Fuzzy Hash: 1FD15F32B09B8285EB109BA4E8443AD6370FB857E4F504236EEAD47BA9DF7CE541C741
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Timetime$_invalid_parameter_noinfo$CloseMtx_unlockSleep
            • String ID: $ $ $-> %s$win_fw_ownership::uninitialize$win_fw_ownership::uninitialize_reg_key_handle$win_fw_ownership::uninitialize_serial_execution
            • API String ID: 1893202648-1962513574
            • Opcode ID: 78c919633e411219137631ccf637b5f84ba7f946e5d429706a70e5c271a9bc0f
            • Instruction ID: 3fcc84d68270ac85d46f76c70b1bdbcc4feec7db9bffbb554a7ffb9d09761da7
            • Opcode Fuzzy Hash: 78c919633e411219137631ccf637b5f84ba7f946e5d429706a70e5c271a9bc0f
            • Instruction Fuzzy Hash: A9C11D72A09A4286E710DBA4E8413AD7364FB84BB4F500336EABD476E9DF3CE545C781
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID:
            • API String ID: 3668304517-0
            • Opcode ID: 3a0695dc0ea66f419115a30f779f12246e5b48f10f266243b57493d921795b00
            • Instruction ID: 37478098e62859454788da6d8884c85aab42b3e9bed245af088f159a47b992bb
            • Opcode Fuzzy Hash: 3a0695dc0ea66f419115a30f779f12246e5b48f10f266243b57493d921795b00
            • Instruction Fuzzy Hash: 4881B023B19A4A8AEA10DFA4D4853FD23A1FB45784F845A31DB6D8778AEF3CE141C701
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Timetime$ErrorLastObjectSingleWait_invalid_parameter_noinfo
            • String ID: $ $-> %s$WaitForSingleObject failed$process_with_framework::OnStarting$process_with_framework::framework_thread$process_with_framework::uninitialize_framework
            • API String ID: 3884842641-2876963218
            • Opcode ID: b0fd510dfd83726c5f7d92340812d5a1c7fed6011f2657e5fcc90ddfc905a889
            • Instruction ID: 06e7fb350c2ff96f6582020e2e700d0cc1d7ad0d92a89b58b1898e549a37704c
            • Opcode Fuzzy Hash: b0fd510dfd83726c5f7d92340812d5a1c7fed6011f2657e5fcc90ddfc905a889
            • Instruction Fuzzy Hash: 97B13232A08B8296E710DBA4E8403ADB3B4FB847A4F504336EABD536A9DF7CD545C741
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Library$AddressLoadProc$ErrorFreeLastPathRelative_invalid_parameter_noinfo_noreturn
            • String ID: BdCreateObject$BdDestroyObject$msgbus
            • API String ID: 4157416513-830720807
            • Opcode ID: 44be42c1eda9b7e4e300cf907ff0301a0de82d6b0cc76884df480238db7c6da5
            • Instruction ID: c541869dc329308e6a110622e8f5fdc26084f54ac81bba434c9f3c616315db26
            • Opcode Fuzzy Hash: 44be42c1eda9b7e4e300cf907ff0301a0de82d6b0cc76884df480238db7c6da5
            • Instruction Fuzzy Hash: BBF17E32A19B8281EB15CF65E4403AD7364FB99BC4F105236EA9D03B59DF7CE5A1C341
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
            • String ID: parse error$parse_error
            • API String ID: 1944019136-1820534363
            • Opcode ID: 416bca92a00322410df6f5d7a162c09b635c771667511bb68b818cafd0379067
            • Instruction ID: 77b54ac2f82db16417420319002e35a7d9decf3d62c7b0f821110b09eb724654
            • Opcode Fuzzy Hash: 416bca92a00322410df6f5d7a162c09b635c771667511bb68b818cafd0379067
            • Instruction Fuzzy Hash: 65B17263B18B8695EB049BA4D4443AD6761FB957E8F509731DABC03ADADF7CE080C301
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Timetime$_invalid_parameter_noinfo$Sleep
            • String ID: $ $ $-> %s$as_reporter::release_instance$av_reporter::release_instance$fw_reporter::release_instance
            • API String ID: 4193772301-282480938
            • Opcode ID: ad3ff11daae84a6330829d4d4616bcd85627802b4fb8dda6d25618941c0872f0
            • Instruction ID: e8f62ddbac23b9ad98fd404bdf4fff4fa6071766c4001204633bf166e0782253
            • Opcode Fuzzy Hash: ad3ff11daae84a6330829d4d4616bcd85627802b4fb8dda6d25618941c0872f0
            • Instruction Fuzzy Hash: 4BB12F32A09B8296E710DBA4E8403AD7364FB847A5F500336EABD476E9DF3CE545CB41
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CloseHandleService$ErrorExceptionFileHeaderLastManagerOpenRaise
            • String ID: OpenSCManager failed$vsserv$wscsvc
            • API String ID: 936445003-1012139206
            • Opcode ID: 7ff01f6cf5a91581daaab4c8572c40911cdb14b019d737ace7d93a0aca280411
            • Instruction ID: a00099154fe161d0ac7e44843196516a2e3bac692011633b89c29bb99db73584
            • Opcode Fuzzy Hash: 7ff01f6cf5a91581daaab4c8572c40911cdb14b019d737ace7d93a0aca280411
            • Instruction Fuzzy Hash: 32414032609B9686EB558F90E8407ADB3A4FF84BC4F004236DBAD03A58EF7CE555C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D7B3EC
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $ with product being $-> %s$Could not update the AV status. Error $Updating AV status to $av_reporter::update_status$out of date.$up to date.
            • API String ID: 3860382505-3275023622
            • Opcode ID: 7564216f214083892a1db532f7371c0de2b45ca51b7c98749f407ca7c056fbf1
            • Instruction ID: 529a1adb33a93f66facabd95e4600141dca42d9b66f5f952ad6be4e93ff2f4cf
            • Opcode Fuzzy Hash: 7564216f214083892a1db532f7371c0de2b45ca51b7c98749f407ca7c056fbf1
            • Instruction Fuzzy Hash: F3F17032A09B8299E721DFA4D8803ED37A0FB447A8F504236DAAD477A9DF3CD544C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLast$ByteCharMultiWide_invalid_parameter_noinfo_noreturn
            • String ID: bad expected access
            • API String ID: 3321244224-1948654898
            • Opcode ID: 199932c534dae117789480bc914c6f8426ffe252d6ab482e98539dca23a69e36
            • Instruction ID: 635ed9c1e8f3b7edba3990f89ef76d5c4c61a6cc2868260bc130b6818f51814f
            • Opcode Fuzzy Hash: 199932c534dae117789480bc914c6f8426ffe252d6ab482e98539dca23a69e36
            • Instruction Fuzzy Hash: CFA16262B18BC285E7218F65E44076EB3A5FB84794F405335DAED02A9ADF7CE095C701
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLibrary$FileFreeLoadModuleName
            • String ID: dll::get_foldername failed$wsccommunicator.exe$wsccommunicator_ls.exe
            • API String ID: 526934879-1203451368
            • Opcode ID: 6b40404dc2677805007f6ea50f45f730d4979c1436e105076224644d8c726bfb
            • Instruction ID: 26d6a07ea8bdacdf04c750d4889eea96e529511fe5bfa239021202494c24c72b
            • Opcode Fuzzy Hash: 6b40404dc2677805007f6ea50f45f730d4979c1436e105076224644d8c726bfb
            • Instruction Fuzzy Hash: 26816262F18B4699FB00DBA8E4453AC2335EB487D8F505335DEAD2669DEF3CA186C301
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
            • String ID:
            • API String ID: 1346393832-0
            • Opcode ID: fa51efe5f2010e1a82482f6b4b1f754bccd2dea221ff92413f9fbc106d1ba2b4
            • Instruction ID: d3201f554f98c3844e3f8e45d3cc98a61e0a48c7428db03045f17b681146587d
            • Opcode Fuzzy Hash: fa51efe5f2010e1a82482f6b4b1f754bccd2dea221ff92413f9fbc106d1ba2b4
            • Instruction Fuzzy Hash: 8D41AD73B086824AEB259FA4D8563ED2391FF457E4F404732D67C46ADADE6CE1829201
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$ErrorFileLastModuleName
            • String ID: Error getting iservconfig$IServConfig.dll$bd::process_broker::detail::get_string_from_servconfig$common$error getting process folder. error=
            • API String ID: 1728480589-938094522
            • Opcode ID: ae62af4fb7d29ec10ee398fff82391fc244cbfc0930d203a41930526e51e8138
            • Instruction ID: 592eb9fb23dfd5fc3f51743c687ef6c381a4d38e3b63e0a6256ce7f40587898e
            • Opcode Fuzzy Hash: ae62af4fb7d29ec10ee398fff82391fc244cbfc0930d203a41930526e51e8138
            • Instruction Fuzzy Hash: 6F026132A08B8285EB60DFA4D8803ED7364FB847A4F404635DAAD47BA9DF7CE584C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFormatMessage
            • String ID: erro$own $unkn
            • API String ID: 1937444189-2970004082
            • Opcode ID: fe37f5df9135234981d793a91c79c77feff6fd05566f16afddceff7320d24bfa
            • Instruction ID: 6d0a72adad7c65bccc3211fce6944b613c22f1b959c782dbe366a6063f1550d5
            • Opcode Fuzzy Hash: fe37f5df9135234981d793a91c79c77feff6fd05566f16afddceff7320d24bfa
            • Instruction Fuzzy Hash: FCD1AD62B18A819AFB04DFA9D0403ED2362EB84BD8F408631EE6D17B9DDF7CD5558341
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
            • String ID: at line $, column
            • API String ID: 1346393832-191570568
            • Opcode ID: cef75716d72868c5edfc3cce94f6129353b2ed3317b90c27cf9e0ed812222db8
            • Instruction ID: e3d6d8285876a55d00430af4677a0b5b39bebbf5e6c7e76e5b759570dfc5bb06
            • Opcode Fuzzy Hash: cef75716d72868c5edfc3cce94f6129353b2ed3317b90c27cf9e0ed812222db8
            • Instruction Fuzzy Hash: 43B1AF22F18B8285FB04CBA4D0043AD23A6EB44BD8F448635DA6C17B9EDF7CE156C341
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ConditionInfoMaskSleepVerifyVersion_invalid_parameter_noinfo_noreturn
            • String ID: -> %s$Could not get the WSC Reporter plugin. Error $wsc_reporter$wsc_reporter_lite$wsc_status_communication_provider::initialize_plugins
            • API String ID: 3616022532-3936918023
            • Opcode ID: 3861e360669326861a047be76828ae2dda4a7c95a1be06cec1553f7effb2c8c9
            • Instruction ID: 65d2487cf888124348c6054feb29292fb9acd26a205853b9bd48e7f8ac419047
            • Opcode Fuzzy Hash: 3861e360669326861a047be76828ae2dda4a7c95a1be06cec1553f7effb2c8c9
            • Instruction Fuzzy Hash: 59C14C32A08B8289EB50CFA4D8803ED77A0FB84794F544235EAAD47BA9DF3CD584C341
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$ErrorFileLastModuleName
            • String ID: epaas.dll$failed this_process::get_foldername
            • API String ID: 1728480589-1154533728
            • Opcode ID: 91669a5fd5e4368ce2fd3eaae389562ee5505e5cea8849cbd7a2da96dddb8c7d
            • Instruction ID: 607d2e9637f679305ccd19a24bc1c4b9cc53d1b49ad8497b24424efa625a0b40
            • Opcode Fuzzy Hash: 91669a5fd5e4368ce2fd3eaae389562ee5505e5cea8849cbd7a2da96dddb8c7d
            • Instruction Fuzzy Hash: C3915A62F18B4285FB009BA8D4453AC2322AB847D8F505735EA6D16ADEEFBCE191C345
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$ErrorFileLastModuleName
            • String ID: bad variant access$msgbus.dll
            • API String ID: 1728480589-911574694
            • Opcode ID: 9aca3b6a198271867d844df5546ec48c895694f13508a8eb9d48f467f1064ace
            • Instruction ID: 829c0c68aaf4b729dad79ac1b9cfc81fbb2924d46ba36a7a8083d37aac41534a
            • Opcode Fuzzy Hash: 9aca3b6a198271867d844df5546ec48c895694f13508a8eb9d48f467f1064ace
            • Instruction Fuzzy Hash: 87816C62F18A4695FF009BF8D4453AD2322AB45BE8F405732EA7C16ADDEF6CE081C345
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time_invalid_parameter_noinfotime$SleepUninitialize
            • String ID: $ $-> %s$wsc_reporter_lite::Init$wsc_reporter_lite::UnInit
            • API String ID: 2536955799-2558291676
            • Opcode ID: 3eac60b87573a1ee8259235ef3974c3544ebc7591d51e4324a01c7731e10db88
            • Instruction ID: bcdb280981f8b8aa6d4b012be9f24545ee7d0f6cdf6171ac2d506516b3fc0994
            • Opcode Fuzzy Hash: 3eac60b87573a1ee8259235ef3974c3544ebc7591d51e4324a01c7731e10db88
            • Instruction Fuzzy Hash: 69911031608B8286E7119BA4E8403ADB3A4FB847A4F500336EABD467E9DF7CD955C781
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D87092
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • timeGetTime.WINMM ref: 00007FF8E7D871EE
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time_invalid_parameter_noinfotime$Sleep
            • String ID: $ $-> %s$WinFwInitialStat$win_fw_ownership::get_saved_win_fw_status$win_fw_ownership::initialize
            • API String ID: 3401150693-4235453999
            • Opcode ID: a1bdf50822853fcbec58afbaf5d6af9d047b736414894512d097fe1b8483bf72
            • Instruction ID: 9b1e5a727d951a01f84be3c2ab60ebe5c2805348af34478fb6df1cff4149728a
            • Opcode Fuzzy Hash: a1bdf50822853fcbec58afbaf5d6af9d047b736414894512d097fe1b8483bf72
            • Instruction Fuzzy Hash: 40814331A0868296F610DBA4E8413AEB364FB847B4F500336EABD476E9DF3CE545CB41
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ThreadpoolWait$Close_invalid_parameter_noinfo$CallbacksSleepTimeTimertime
            • String ID: $-> %s$wsc_communicator_launcher_plg::UnInit
            • API String ID: 192091908-2464493972
            • Opcode ID: f013fe94f4dc61b1dedba53f1264af4400aba586edc9d7be2504e617a6035f2c
            • Instruction ID: ff3d574ded3e161ec1feec6391bb0e648407edc6f72ff919d2cabe7186020045
            • Opcode Fuzzy Hash: f013fe94f4dc61b1dedba53f1264af4400aba586edc9d7be2504e617a6035f2c
            • Instruction Fuzzy Hash: 61713A32609B4296E7109FA4E4403AE73A5FB84BD4F544236EAAD43B99CF3DE845C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$CurrentErrorEventLastSleepThreadTimetime
            • String ID: $-> %s$SetEvent failed$process_with_framework::OnStopping
            • API String ID: 2700299363-2870767281
            • Opcode ID: 19a3f7a5122d9035357e6cb4ca41f24eca21aedbc55b8b3613a700ca20681fa9
            • Instruction ID: 878f6762870495f0bd6c8083deab0caca64cb7024a25c05ed838f1b56a240805
            • Opcode Fuzzy Hash: 19a3f7a5122d9035357e6cb4ca41f24eca21aedbc55b8b3613a700ca20681fa9
            • Instruction Fuzzy Hash: 9F614232A08B8286F7109BA4E4403AEB374FB847A4F540336EABD53699DF7DE545C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CloseHandleService$_invalid_parameter_noinfo$SleepTimeUninitializetime
            • String ID: $-> %s$wsc_reporter::UnInit
            • API String ID: 2139385379-932292110
            • Opcode ID: f17eadbe270215ee2c13b7366708e4be6275c4e30f226556801d92fcf5d58cff
            • Instruction ID: 87820fc125dd08c38add1012f77c760d6a8e8e1a079470e89c0f888c3e4c4da8
            • Opcode Fuzzy Hash: f17eadbe270215ee2c13b7366708e4be6275c4e30f226556801d92fcf5d58cff
            • Instruction Fuzzy Hash: 3E516B32609B8286E7109FA0E8803AE73A4FB84B94F544635DFAD537A9CF3DE845C741
            APIs
              • Part of subcall function 00007FF8E7D92E70: FreeLibrary.KERNEL32(?,?,?,00007FF8E7D930CF,?,?,?,?,?,?,?,00007FF8E7D900D8), ref: 00007FF8E7D92EB6
            • LoadLibraryW.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB524E
            • PathIsRelativeW.SHLWAPI(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB5260
            • LoadLibraryExW.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB5273
            • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB5286
            • GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB52A2
            • GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB52BC
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Library$AddressLoadProc$ErrorFreeLastPathRelative
            • String ID: BdCreateObject$BdDestroyObject
            • API String ID: 1444712439-1744982320
            • Opcode ID: dc053092d03d5bd963f6869455ca7e82ba9137485827cba472e43f15c412c843
            • Instruction ID: 53b18680246a65ce692ac2f6bbdb2a83abc81757674e91a505ffcc14534d57b6
            • Opcode Fuzzy Hash: dc053092d03d5bd963f6869455ca7e82ba9137485827cba472e43f15c412c843
            • Instruction Fuzzy Hash: 82313E65B0AB4292EA14CB96E55026D63A0FF48FD4B444230DBBD47B68EF7CE5658301
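            The record above is the clearest load-then-resolve shape in this listing: LoadLibraryW, a PathIsRelativeW check, LoadLibraryExW, GetLastError, then two GetProcAddress calls, with BdCreateObject and BdDestroyObject as the only string IDs. The Python below is an added triage example, not part of this report or of Joe Security's tooling: it parses a record's "APIs" call lines and its "String ID" line and flags that pattern, so the same check can be run over every record in the listing instead of reading them one by one. The two embedded records are copied from this page (the loader record above and the timeGetTime/Sleep wrapper earlier in the listing); the function names, the decision to ignore "Part of subcall function" entries, and the rule that bare identifiers in the string list are the names handed to GetProcAddress are the example's own assumptions.

```python
"""Triage helper for the per-function records of a Joe Sandbox IDA-plugin listing.

Added example, not part of the sandbox report or of Joe Security's tooling. It
parses the 'APIs' call lines and the 'String ID' line of one record and flags
the load-then-resolve pattern (LoadLibrary* followed by GetProcAddress).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Record text copied from two records of the listing: the plugin loader and the
# timeGetTime/Sleep wrapper. Only the lines the parser consumes are kept.
LOADER_RECORD = """\
APIs
  • Part of subcall function 00007FF8E7D92E70: FreeLibrary.KERNEL32(?,?,?,00007FF8E7D930CF,?,?,?,?,?,?,?,00007FF8E7D900D8), ref: 00007FF8E7D92EB6
• LoadLibraryW.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB524E
• PathIsRelativeW.SHLWAPI(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB5260
• LoadLibraryExW.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB5273
• GetLastError.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB5286
• GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB52A2
• GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF8E7DB4F7A), ref: 00007FF8E7DB52BC
Strings
• String ID: BdCreateObject$BdDestroyObject
""".splitlines()

TIMER_RECORD = """\
APIs
• timeGetTime.WINMM ref: 00007FF8E7D7B3EC
  • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
  • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
  • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
Strings
• String ID: $ with product being $-> %s$Could not update the AV status. Error $Updating AV status to $av_reporter::update_status$out of date.$up to date.
""".splitlines()

# One call line: optional subcall prefix, Api.MODULE, optional (args), ref: address.
CALL_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<callee>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<site>[0-9A-Fa-f]+)"
)
STRINGS_RE = re.compile(r"•\s*String ID:\s*(?P<body>.*)$")
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
RESOLVERS = {"GetProcAddress"}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    site: int               # call-site address inside the dumped image
    callee: Optional[int]   # set when the call sits in a subcall, not in this function
    args: List[str]


def parse_calls(lines: Iterable[str]) -> List[ApiCall]:
    """Turn the 'APIs' bullet lines of one record into ApiCall entries."""
    calls = []
    for line in lines:
        m = CALL_RE.search(line)
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        callee = int(m.group("callee"), 16) if m.group("callee") else None
        calls.append(ApiCall(m.group("api"), m.group("module"),
                             int(m.group("site"), 16), callee, args))
    return calls


def parse_strings(lines: Iterable[str]) -> List[str]:
    """Split the '$'-separated 'String ID' line; blank items are dropped."""
    for line in lines:
        m = STRINGS_RE.search(line)
        if m:
            return [s for s in m.group("body").split("$") if s.strip()]
    return []


def classify(calls: List[ApiCall], strings: List[str]) -> dict:
    """Flag LoadLibrary* -> GetProcAddress among the function's own calls.

    Subcall entries are excluded on purpose: the record lists them for context,
    and counting them would flag every caller of the loader as a loader too.
    """
    direct = [c for c in calls if c.callee is None]
    loads = [c for c in direct if c.api in LOADERS]
    resolves = [c for c in direct if c.api in RESOLVERS]
    ordered = bool(loads and resolves) and \
        min(c.site for c in loads) < min(c.site for c in resolves)
    return {
        "dynamic_import": bool(loads and resolves),
        "load_before_resolve": ordered,
        "load_apis": sorted({c.api for c in loads}),
        "resolve_count": len(resolves),
        "checks_relative_path": any(c.api.startswith("PathIsRelative") for c in direct),
        # Assumption: bare identifiers in the string list are the export names passed
        # to GetProcAddress; items with spaces, dots or '::' are messages or file names.
        "candidate_symbols": [s for s in strings if IDENT_RE.match(s)],
    }


def triage(record: Iterable[str]) -> dict:
    lines = list(record)
    return classify(parse_calls(lines), parse_strings(lines))


if __name__ == "__main__":
    for name, rec in (("loader", LOADER_RECORD), ("timer", TIMER_RECORD)):
        print(name, triage(rec))
```

Running it reports the loader record as a dynamic importer with two symbol resolutions after the library load and a relative-path check before it, and the timer record as nothing of the kind; a listing of several hundred records can be fed through `triage` record by record to pull out the few loaders worth opening in the disassembler.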
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB7847
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$IIgAl::GetSettings failed with error code $Invalid IGAL plugin pointer$wsc_collector::register_listeners$wsc_collector::report_current_firewall_status
            • API String ID: 3860382505-1881030535
            • Opcode ID: 522250c4681d116bae8c38f621cf5f72eea7dcf3312be042d040c4620c38ae87
            • Instruction ID: ae2e8513952eed13b275dd1693d93f652b6ae5ac89deedbb86c00703df81fd22
            • Opcode Fuzzy Hash: 522250c4681d116bae8c38f621cf5f72eea7dcf3312be042d040c4620c38ae87
            • Instruction Fuzzy Hash: 6DD14232A09B828AE711DFA4D8403AD77A4FB847A4F540236EBAD47BA9DF3CD541C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\3rdparty\tinyxml\tinyxpath\tokenlist.h$D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\3rdparty\tinyxml\tinyxpath\xml_util.cpp$XEp_elem$XNp_parent$false$ltp_current
            • API String ID: 3668304517-605504345
            • Opcode ID: 4f266d2010113c84efd834de4e1d5dd0e01108943c43574cdffa9b335d2dfc5c
            • Instruction ID: 825af3081e19161d20e5a4f2c77558cb0247dab19278ce9f629de0b359ccf448
            • Opcode Fuzzy Hash: 4f266d2010113c84efd834de4e1d5dd0e01108943c43574cdffa9b335d2dfc5c
            • Instruction Fuzzy Hash: F2A16E22B0DA4682EE189F95E49036D63A1FF88FD4F585231DAAD07799DF3CE841C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DD290B
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $ $-> %s$Could not enque the report_protection_service_stopped task. Error: $report_protection_service_stopped$wsc_reporter::on_protection_service_stopped
            • API String ID: 3860382505-2311478399
            • Opcode ID: 18b5a6feeded1b9fcb0d7f75c7ac7bbd0fe267a423a50c80c300db5a12d9e6c8
            • Instruction ID: 6efb8e82a328d9aeaed7b0e78176a7d737b61a8f8ec8e7b7e6abc83521bece65
            • Opcode Fuzzy Hash: 18b5a6feeded1b9fcb0d7f75c7ac7bbd0fe267a423a50c80c300db5a12d9e6c8
            • Instruction Fuzzy Hash: F6B18032A09B8286E710DFA4E8403AE77A4FB847A4F514735EAAD437A9DF3CE541C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DD7098
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • _Xtime_get_ticks.LIBCPMT ref: 00007FF8E7DD7324
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
              • Part of subcall function 00007FF8E7DF5DF0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E34
              • Part of subcall function 00007FF8E7DF5DF0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E7A
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7DD73F7
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$ExceptionFileHeaderRaiseSleepTimeXtime_get_ticks_invalid_parameter_noinfo_noreturntime
            • String ID: $-> %s$status$wsc_telemetry::post_update_status_result
            • API String ID: 730741297-1854541697
            • Opcode ID: 1c1bb5b513cdb7dc6a698070e973ffa167764fea815587d619bae1acdca8004a
            • Instruction ID: f098ba63216d46731976a818ca28445de42d1e2f34128dc621251bed06ceea17
            • Opcode Fuzzy Hash: 1c1bb5b513cdb7dc6a698070e973ffa167764fea815587d619bae1acdca8004a
            • Instruction Fuzzy Hash: B0A13732B08A8286EB249BA4D4403AD63A1FB847B4F504336DBBD07AD9DF7CE545C742
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D8C674
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • RegGetValueW.ADVAPI32 ref: 00007FF8E7D8C7BA
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimeValuetime
            • String ID: $-> %s$Could not get the firewall status from Registry. Error: $win_fw_ownership::enable_win_fw$win_fw_ownership::get_fw_status_from_registry
            • API String ID: 2975554297-3056843409
            • Opcode ID: 205199fad46d4e3bf43b18355f7d22d29dc6205572f5b6452671f18204602200
            • Instruction ID: bd060618bdd76b27e0e49cfa952323c9f35afce3a61872029023ee35e26b8444
            • Opcode Fuzzy Hash: 205199fad46d4e3bf43b18355f7d22d29dc6205572f5b6452671f18204602200
            • Instruction Fuzzy Hash: 4F915532A08B8196E710DBA4E8403AE77B0FB857A4F504335EAAD47BA9DF3CD545CB41
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CriticalSection$EnterLeave_invalid_parameter_noinfo_noreturn
            • String ID: wsc_loader
            • API String ID: 2008198395-3143197780
            • Opcode ID: 654c792830c7d8b34ae1c85ab842095d36b6814a8de4d16c6e97593fa6d73a9a
            • Instruction ID: 5af1009d3407f4442b4caf22ef5edc7b27f63efd3fff500078840efda0f5ad4f
            • Opcode Fuzzy Hash: 654c792830c7d8b34ae1c85ab842095d36b6814a8de4d16c6e97593fa6d73a9a
            • Instruction Fuzzy Hash: 96716F62B18B4682EA509B99F04036EA361FB85BE4F544335EEAC07BDDDF7CE4428701
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Value
            • String ID: subkey $ value $; err=$helpers::write_last_timestamp_to_reg$timestamp$write to reg
            • API String ID: 3702945584-919870011
            • Opcode ID: 389daa563466a678f6008a048938189431849e5e6847bc5282006c564ac126f0
            • Instruction ID: 780351112172bd84ffdaeaebbed804e4ff605d6668b9a4e04517d9efd5d1b9e3
            • Opcode Fuzzy Hash: 389daa563466a678f6008a048938189431849e5e6847bc5282006c564ac126f0
            • Instruction Fuzzy Hash: 78818E72B19B9296E700CBA4E8802AD77B4FB847D4F444235EAAD07798EF3DE544C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB54CA
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • timeGetTime.WINMM ref: 00007FF8E7DB5644
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time_invalid_parameter_noinfotime$Sleep
            • String ID: $ $-> %s$wsc_collector::Init$wsc_collector::UnInit
            • API String ID: 3401150693-305415645
            • Opcode ID: ea9f50994fce6166715aa6095206c5224fd343725d49a107a64dbbf1486f725f
            • Instruction ID: 3e6e0f3fda48b10ef52dc9dc428c93c5f3bbaba2b97d9f9759dc24810422a5ce
            • Opcode Fuzzy Hash: ea9f50994fce6166715aa6095206c5224fd343725d49a107a64dbbf1486f725f
            • Instruction Fuzzy Hash: D6813032608B8286E710DBA4E8402AD73A4FB847A4F540336EABD477D9DF7CD551CB81
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Value
            • String ID: .DEFAULT\Software\SetID$.txtui$wslibsite_lang
            • API String ID: 3517525675-3839206562
            • Opcode ID: f9cb2c4da37a3064234e84cd4e132fea7bf15764a73ba96a3f13e2211f47af40
            • Instruction ID: 1dd74fcff846909846104923cd538a327aed03ac82c24656253d8285fcf45213
            • Opcode Fuzzy Hash: f9cb2c4da37a3064234e84cd4e132fea7bf15764a73ba96a3f13e2211f47af40
            • Instruction Fuzzy Hash: 92813C32A18BC291FB608F55E4407AEB3A4FB85784F509235DBEC42A69DF3CE495CB01
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Value
            • String ID: subkey $ value $; err=$count$helpers::write_restart_count_to_reg$write to reg
            • API String ID: 3702945584-1862470528
            • Opcode ID: c58c57cdde11ca6df5531af15edf1e2210cd05d85fbc9f109b6aeeb3976ea8c1
            • Instruction ID: 0eabe057d05bc631614157fc3c07ba9574e14089e168f9e5467fecdf2d89b794
            • Opcode Fuzzy Hash: c58c57cdde11ca6df5531af15edf1e2210cd05d85fbc9f109b6aeeb3976ea8c1
            • Instruction Fuzzy Hash: 31819072B1CB9295E710CBA0E4802ADB7B4FB847D4F440235EAAE127A8DF7DD444C742
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBD1C7
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • timeGetTime.WINMM ref: 00007FF8E7DBD302
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time_invalid_parameter_noinfotime$Sleep
            • String ID: $ $-> %s$wsc_status_communication_provider::Start$wsc_status_communication_provider::Stop
            • API String ID: 3401150693-3688800006
            • Opcode ID: 3eda71225bca69205ed40007909907772de0e5f451e9dfb48f33fcd1e75fc7ff
            • Instruction ID: b870c1809b3ee1676e441bf56889d0b03d9f00397f7431f616689919a15e1d39
            • Opcode Fuzzy Hash: 3eda71225bca69205ed40007909907772de0e5f451e9dfb48f33fcd1e75fc7ff
            • Instruction Fuzzy Hash: 47713132608B8196E610DBA4E8403EE7364FB857A4F500336EABD53AE9DF7CE545CB41
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB2441
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • timeGetTime.WINMM ref: 00007FF8E7DB255D
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time_invalid_parameter_noinfotime$Sleep
            • String ID: $ $-> %s$wsc_command_communication_provider::Stop$wsc_command_communication_provider::uninitialize_communication
            • API String ID: 3401150693-4186254922
            • Opcode ID: a5d0f8f59e4df3b9ca345a03a2ee0a0f5bc58de34e2f56eebc6815ac7abc1eba
            • Instruction ID: 89e1c197847c87930cd4bb10f5ac85a93c73e65a60fc8fb480534038e071f64a
            • Opcode Fuzzy Hash: a5d0f8f59e4df3b9ca345a03a2ee0a0f5bc58de34e2f56eebc6815ac7abc1eba
            • Instruction Fuzzy Hash: E3711332609B8196E7109B94E8403AEB364FB857A4F500336EABD43AE9DF7CE545CB41
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID:
            • String ID: .txtui
            • API String ID: 0-459513690
            • Opcode ID: 66f1a5cbfdf14cbc94babeaf27d2cf27372b4f5fa7ffc97c689dde069f95ce8e
            • Instruction ID: 40a3ddae34e9ab112766cb37f62a883932a31a47a1496d5dc71ffb851e43c563
            • Opcode Fuzzy Hash: 66f1a5cbfdf14cbc94babeaf27d2cf27372b4f5fa7ffc97c689dde069f95ce8e
            • Instruction Fuzzy Hash: DE519062F5964284FB009BA4D4403ED2322EB857D8F406335EA6C17A9EEF7CE586C341
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$launch_requested$windows_security_center_integration_epaas_module::LaunchRequested
            • API String ID: 344959351-289789384
            • Opcode ID: 87e8ecf2b84af2056b5f3adadd7f9a7212f11f279d080ec78461a9ea8c13f4bc
            • Instruction ID: 6d71f78ded3859df22ea2519474f98e91af7fed55cbff2c97fc073956bde08fa
            • Opcode Fuzzy Hash: 87e8ecf2b84af2056b5f3adadd7f9a7212f11f279d080ec78461a9ea8c13f4bc
            • Instruction Fuzzy Hash: AD512D32608B4296E710DB95E4403AE7374FB84BA0F540236EABC437A9DF7CE555CB41
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$update_requested$windows_security_center_integration_epaas_module::UpdateRequested
            • API String ID: 344959351-869077612
            • Opcode ID: 114efd3277e189440ff2b4f90b75c36e93e6d5e2bec58b093553c6cdc8119e87
            • Instruction ID: 8bba885125670a88406dafd97bd76ec6bf23c8b4de2c32df27d5638d1e56aa77
            • Opcode Fuzzy Hash: 114efd3277e189440ff2b4f90b75c36e93e6d5e2bec58b093553c6cdc8119e87
            • Instruction Fuzzy Hash: 9F512B32608B8296E710DB95E4403AE73B4FB84BA0F540236EABC437A9DF7CE955C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$enable_requested$windows_security_center_integration_epaas_module::EnableRequested
            • API String ID: 344959351-1796317626
            • Opcode ID: 673f775a522c8086126d23ea30616664a90104d399c11e4bc6fb32072a1053af
            • Instruction ID: 28785e1a3b462a3bfc68914e5e079c7458c0cd345ba58f2ffab2a5833470e93d
            • Opcode Fuzzy Hash: 673f775a522c8086126d23ea30616664a90104d399c11e4bc6fb32072a1053af
            • Instruction Fuzzy Hash: 43515D32608B8296E710DB95E4403AE7374FB85BA0F540632EABC437A9CF7DE555C741
            APIs
            Strings
            • D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\3rdparty\tinyxml\tinyxpath\action_store.cpp, xrefs: 00007FF8E7E0745C
            • i_entry >= 0 && i_entry < i_size, xrefs: 00007FF8E7E0745B
            • Assertion failed: %Ts, file %Ts, line %d, xrefs: 00007FF8E7E074C2
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ConsoleFileHandleTypeWriteswprintf
            • String ID: Assertion failed: %Ts, file %Ts, line %d$D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\3rdparty\tinyxml\tinyxpath\action_store.cpp$i_entry >= 0 && i_entry < i_size
            • API String ID: 2943507729-639025340
            • Opcode ID: 275c85333dc90a2897370e1a260774358b835b0df6de12c223b147499d6e0288
            • Instruction ID: dd895bc4125f37c1a49b7f16fadd028801b946ba2909a05b5ec796a3e9be1d15
            • Opcode Fuzzy Hash: 275c85333dc90a2897370e1a260774358b835b0df6de12c223b147499d6e0288
            • Instruction Fuzzy Hash: F431A422618A8741EB549B91F4113BE67A5FB86BE0F500235FAFD03AD5DF3CD5048701
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: f$p$p
            • API String ID: 3215553584-1995029353
            • Opcode ID: 01f09b26c48d7a4c304c54f72a5accc1fd09e45d71083d476d7b0420cd06ff74
            • Instruction ID: 13bbcc74d19015320a006d91a382265eaaa17684e5f09e9742c40860d807d371
            • Opcode Fuzzy Hash: 01f09b26c48d7a4c304c54f72a5accc1fd09e45d71083d476d7b0420cd06ff74
            • Instruction Fuzzy Hash: E4125161E0C24386FB209A99D1443BD7691EB42FE4F984635E6F94F6D4DF3CE9808B12
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D7C056
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
              • Part of subcall function 00007FF8E7D7D300: timeGetTime.WINMM ref: 00007FF8E7D7D338
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time_invalid_parameter_noinfotime$Sleep
            • String ID: -> %s$Could not update the AV settings substatus. Error $Could not update the av settings substatus because the OS does not support the functionality.$Updating AV settings substatus to $av_reporter::update_settings_substatus
            • API String ID: 3401150693-1263224284
            • Opcode ID: f1813d2c2b77f4eafbfffa0232797664833e1b18305f105743266d2d37864aeb
            • Instruction ID: ce2778ebff2d066113a8afbed2f80828f9a78610611b671d590981d6014db8a0
            • Opcode Fuzzy Hash: f1813d2c2b77f4eafbfffa0232797664833e1b18305f105743266d2d37864aeb
            • Instruction Fuzzy Hash: 65128232A09B828AE760DFA4D8803ED37A4FB44798F504635DAAD47BA9DF3CE544C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\3rdparty\tinyxml\tinyxml\tinyxmlparser.cpp$cursor.col >= -1$cursor.row >= -1$now$stamp
            • API String ID: 3668304517-512587213
            • Opcode ID: 51803e0b3f2677f9971d7094851ed76621997a4318b42bbd397a43c7a3f7c852
            • Instruction ID: c589c260eccdc0d7725706321638607f1b8b9545ec1b29bfc6f0e1077f7313d5
            • Opcode Fuzzy Hash: 51803e0b3f2677f9971d7094851ed76621997a4318b42bbd397a43c7a3f7c852
            • Instruction Fuzzy Hash: 60D19F22F09A4A85EF56DBA5E8403BD63A0FF45BD4F644231DAAD47698EF3CE445C302
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Timetime
            • String ID: $-> %s$wsc_command_communication_provider::Start
            • API String ID: 373240951-137040390
            • Opcode ID: 5607572dfa1df09e9cbd88a4bbfd913e1ee82f656ed814c5fef41b9470ead6a4
            • Instruction ID: 0f8d7b225907d0f57fa15d3781e72664fb3dda75057e94ca5986fce518b03fdf
            • Opcode Fuzzy Hash: 5607572dfa1df09e9cbd88a4bbfd913e1ee82f656ed814c5fef41b9470ead6a4
            • Instruction Fuzzy Hash: 5AD16E22B08B8186EB15CBA5E4403AD6761FB89BE4F144335DBAC13B9ADF3DE591C341
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: Could not get the communication bus.$Could not get the communication channel for actions.$cl.vsserv.actions$wsc_command_communication_peer::initialize_communication
            • API String ID: 3668304517-4210707646
            • Opcode ID: eac5298c6a2bf132becb2a13a293ba3635e334753fb71343cea2343d2a228263
            • Instruction ID: 50a5dc8bd1df413fb0f01080df42dcae182eed9dae21a1eaac2db5996074a322
            • Opcode Fuzzy Hash: eac5298c6a2bf132becb2a13a293ba3635e334753fb71343cea2343d2a228263
            • Instruction Fuzzy Hash: 44E16E32B09B8299EB21DFA4D8803AD33A1FB84794F404635EAAD47BA9DF7CD544C741
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-0
            • Opcode ID: fab40e3865fbef0f845fe55651978e9ae15812499dfb196ed1f5ec3b5694e902
            • Instruction ID: a7dfd1e13d70d564e6147222e417fd43072cece88b77aef7b78d864129289d4e
            • Opcode Fuzzy Hash: fab40e3865fbef0f845fe55651978e9ae15812499dfb196ed1f5ec3b5694e902
            • Instruction Fuzzy Hash: 89C1E062A0C68781EAA19B95D4023BD7BA4FF80FC4F454231EAEE07795CE7DE855C702
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e243edfe9c1ecb22b8dfdbd050e3b87af6e0cd115bc1ee12b8b2719ceaf49fe4
            • Instruction ID: f54046cf5e5cf03fab5e76192ff01e452814eb916b37f51bd766feda7cccb128
            • Opcode Fuzzy Hash: e243edfe9c1ecb22b8dfdbd050e3b87af6e0cd115bc1ee12b8b2719ceaf49fe4
            • Instruction Fuzzy Hash: 2DB1A722B18B4285FB14DBA8E1043AD2761EB447E8F404731DABD17ADADF7CE195A342
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB71F5
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • _Mtx_unlock.LIBCPMT ref: 00007FF8E7DB758A
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$Mtx_unlockSleepTimetime
            • String ID: $-> %s$Could not register a listener for the Virus Shield settings. Error: $wsc_collector::register_listeners
            • API String ID: 2549448539-432359578
            • Opcode ID: 5aec1473090269d19904ca7371896a999fe43e2f7899e1637ac55089603bd2ad
            • Instruction ID: 89f2ff007471808ab6907d4bcabd5ea867bfbbc31e9bb7eff51110313a05edaa
            • Opcode Fuzzy Hash: 5aec1473090269d19904ca7371896a999fe43e2f7899e1637ac55089603bd2ad
            • Instruction Fuzzy Hash: B1B18F32B09B4286EB10DFA5E4803AD77A0FB84BA4F540236EAAD577A9DF3CD445C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D877FB
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
              • Part of subcall function 00007FF8E7D78C20: timeGetTime.WINMM ref: 00007FF8E7D78C76
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Time_invalid_parameter_noinfotime$Sleep
            • String ID: $-> %s$Could not start the take ownership task. Error: $win_fw_ownership: take_ownership$win_fw_ownership::take_ownership
            • API String ID: 3401150693-2323749783
            • Opcode ID: 51a31c36d4acd964fa17619e5df03d2ce0c5b4d4f495eaeda9953af722d5f37c
            • Instruction ID: b834d6e4c21dcbd087a4f844b8ff169b1cd81540ca04c7778d8013cb2dbc146f
            • Opcode Fuzzy Hash: 51a31c36d4acd964fa17619e5df03d2ce0c5b4d4f495eaeda9953af722d5f37c
            • Instruction Fuzzy Hash: DCB17472608B8296E710DFA4E4813AE77B0FB847A4F500636EAAD437A9DF3CE545C741
            APIs
            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7E1273A
            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,as_reporter::register_to_wsc,00000000,00000000,?,00000020,00007FF8E7E126B7,as_reporter::register_to_wsc,00000000,00000000,00007FF8E7E1190A), ref: 00007FF8E7E127F8
            • GetLastError.KERNEL32(?,?,?,?,?,?,as_reporter::register_to_wsc,00000000,00000000,?,00000020,00007FF8E7E126B7,as_reporter::register_to_wsc,00000000,00000000,00007FF8E7E1190A), ref: 00007FF8E7E12882
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
            • String ID: as_reporter::register_to_wsc
            • API String ID: 2210144848-929089643
            • Opcode ID: 3469b01ec9e18ad2569f0a48a08a506644ff6f28fb73e7e092ee869305914c8e
            • Instruction ID: 7670be50040ce8dc224b5edf57714b62b8c0b32777887e194cf538a4ab049c5c
            • Opcode Fuzzy Hash: 3469b01ec9e18ad2569f0a48a08a506644ff6f28fb73e7e092ee869305914c8e
            • Instruction Fuzzy Hash: 63819F22F1865385FB909BA9C8423BD66A8BF44FC4F444131DEAE57B95DF3CA841C322
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB7CD7
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$Could not get the Virus Shield settings. Error: $wsc_collector::register_listeners$wsc_collector::report_current_vshield_status
            • API String ID: 3860382505-2207529514
            • Opcode ID: bd299109a0a38c7d1a5575ed60260d517c4469649b881d5a25381eafcb6e1e66
            • Instruction ID: 96b9f7cd63f57758abfff0689d79b8143554399ab94799d97cb621003833a7d8
            • Opcode Fuzzy Hash: bd299109a0a38c7d1a5575ed60260d517c4469649b881d5a25381eafcb6e1e66
            • Instruction Fuzzy Hash: F3A12032609B828AE710DFA4E8803AD7764FB857A4F540236EBAD47B99DF3CE541C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D7D338
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$AV function call failed because product is not registered. Retrying with registration.$av_reporter::execute_with_registration_if_needed$av_reporter::update_status
            • API String ID: 3860382505-797322649
            • Opcode ID: 9c78a7726173f310e5c3e034087cdf2ebdc57ca5f02e98ad184aa3ecfc2c0125
            • Instruction ID: c26c67e784bc9197555295da7245aa528a6e52a53888888db7c2898301efa78d
            • Opcode Fuzzy Hash: 9c78a7726173f310e5c3e034087cdf2ebdc57ca5f02e98ad184aa3ecfc2c0125
            • Instruction Fuzzy Hash: 12916032709B4296E710DBA4E4803AE77A0FB857A4F500635EEAD43BA9DF3DE441C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D7A8C8
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • CoCreateInstance.OLE32 ref: 00007FF8E7D7A9FB
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$CreateInstanceSleepTimetime
            • String ID: $-> %s$Could not create the AV interface. Error $av_reporter::create_instance
            • API String ID: 1585765107-3445465257
            • Opcode ID: 894880849888f1e3a1b7881a004db020d03a273f57f70650c7545c99d626af60
            • Instruction ID: 715bd12c09f60e053979b76bbaec9d126889afeb8b44e0ecc5583f9865da938d
            • Opcode Fuzzy Hash: 894880849888f1e3a1b7881a004db020d03a273f57f70650c7545c99d626af60
            • Instruction Fuzzy Hash: 31917532A08B8296E710DBA4E8403AE7770FB847A4F540636EEAD43B99DF3CE545C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$FileModuleName
            • String ID: process_with_framework::OnStarting
            • API String ID: 2805837667-3250114685
            • Opcode ID: 048ee58b9fd47773678349983fc9d2d9affbe732514c772fb307057d7645b806
            • Instruction ID: f8fb9d3fd188185afdc190210e856829bd50b4bee4fd04b852952cefa33ebfb7
            • Opcode Fuzzy Hash: 048ee58b9fd47773678349983fc9d2d9affbe732514c772fb307057d7645b806
            • Instruction Fuzzy Hash: 7C815022B18BC182FB109F69E45436E63A0FB84794F509235DBEC52AADDF3CE095DB01
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D7DF38
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • CoCreateInstance.OLE32 ref: 00007FF8E7D7E06B
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$CreateInstanceSleepTimetime
            • String ID: $-> %s$Could not create the FW interface. Error $fw_reporter::create_instance
            • API String ID: 1585765107-2147706268
            • Opcode ID: 81c4bffadd481af0d42335d756a9254f45273c518150aa081e1cd44e906ecb6c
            • Instruction ID: d715d84bd50b9d857aba3a6dd4db24164f6e10e28f1f2d348c1c7aa574864ab6
            • Opcode Fuzzy Hash: 81c4bffadd481af0d42335d756a9254f45273c518150aa081e1cd44e906ecb6c
            • Instruction Fuzzy Hash: C9917432A09B8296E710DBA4E8403AE7774FB847A4F540635EEAD43BA9DF3CE541C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D71F18
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • CoCreateInstance.OLE32 ref: 00007FF8E7D7204B
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$CreateInstanceSleepTimetime
            • String ID: $-> %s$Could not create the AS interface. Error $as_reporter::create_instance
            • API String ID: 1585765107-166104833
            • Opcode ID: 134b45641c6f897c5faef5b189901d7068000a16eaf6314703b97534e722ff42
            • Instruction ID: de9d5c353a318a6252ff7838196fa37d4a886f1780134ef0b2c4684953228452
            • Opcode Fuzzy Hash: 134b45641c6f897c5faef5b189901d7068000a16eaf6314703b97534e722ff42
            • Instruction Fuzzy Hash: D9917432A08B8296E710DBA4E8403AE77B0FB847A4F540635EEAD43B99DF7CE541C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLastLibrary_invalid_parameter_noinfo_noreturn$AddressFreeLoadProc
            • String ID: failed load dll
            • API String ID: 7279754-530279502
            • Opcode ID: 4e5359599694a8b65d9615a5f69b810f023b805af358f6d0d4da4b495279bc79
            • Instruction ID: c2b4193347f7f8f98c3bd65954c85f41ab0a6f8ea7453cd5d1aeec5ec920f5a8
            • Opcode Fuzzy Hash: 4e5359599694a8b65d9615a5f69b810f023b805af358f6d0d4da4b495279bc79
            • Instruction Fuzzy Hash: 36815C62F18B8585EB008FB4D4403AC2371EB58B98F005335DEAD26A99EF7CE195C395
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$ErrorFileLastModuleName
            • String ID: wscfix.exe
            • API String ID: 1728480589-3131413875
            • Opcode ID: 8a8d6622b1e913d11aea9b825acf1bd3242e20f9ee749f5a8695d9304b385666
            • Instruction ID: efa7d7c1b8cbeef782160e48bfeb818ba7853ff69178ea8463f7fcba0b5fbe5f
            • Opcode Fuzzy Hash: 8a8d6622b1e913d11aea9b825acf1bd3242e20f9ee749f5a8695d9304b385666
            • Instruction Fuzzy Hash: 19814172B5C7C290EA209B58E4853EEA361EB857E4F505325D6EC16AEDDF7CE180C701
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$wsc_reporter::report_saved_states
            • API String ID: 344959351-231984425
            • Opcode ID: 8027213ee0f1a557461674980d1eaeddd4caf10a542a81b4642eb56f912167c9
            • Instruction ID: c42c223351b7d8fd6840c7e9222581539d27acb916fe8995c0917d58f6ed6796
            • Opcode Fuzzy Hash: 8027213ee0f1a557461674980d1eaeddd4caf10a542a81b4642eb56f912167c9
            • Instruction Fuzzy Hash: 49516E3271968296E610EB94D8807AE7364FB847B4F910332EA7D936D9EF3CE505C781
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$wsc_reporter::UpdateFwStatus
            • API String ID: 344959351-2832709353
            • Opcode ID: e00e07d5e6d5999baa1fefa1fa388ace27b2ff502389f86633b33a938f7fc347
            • Instruction ID: 6a054f0b14075b4a4e6fdb4497a9a6bbabc59ffbab0f37d27942623c4f2ef342
            • Opcode Fuzzy Hash: e00e07d5e6d5999baa1fefa1fa388ace27b2ff502389f86633b33a938f7fc347
            • Instruction Fuzzy Hash: D5515F32B08642A6E614DBA1E4403AE7364FB847A0F500336EBBD536D9DF3DE555C782
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$wsc_reporter::UpdateAvAndAsStatus
            • API String ID: 344959351-2979390263
            • Opcode ID: 19033faba704a1cd19bcd8935f99feb96d1613c3b035b6c431018337f8d943b2
            • Instruction ID: 2fa8952d877ab878bd8ee0761aa20496411ceaa50fc0d6016fea39cfe5b3c730
            • Opcode Fuzzy Hash: 19033faba704a1cd19bcd8935f99feb96d1613c3b035b6c431018337f8d943b2
            • Instruction Fuzzy Hash: E351A132B08A4196E710DBA5E8413AE73A0FB857A4F500336EBAC436D9DF3DE455C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$wsc_reporter_lite::Stop
            • API String ID: 344959351-112288655
            • Opcode ID: f01524f4e6083f30d09853f8701d10661c9f52a4b68ec28491d692ed0a1c9e94
            • Instruction ID: 7149588b162dd4e451499c21449218dec8f988ad69ca8d7a0e2aca621672a672
            • Opcode Fuzzy Hash: f01524f4e6083f30d09853f8701d10661c9f52a4b68ec28491d692ed0a1c9e94
            • Instruction Fuzzy Hash: 5D513932A09B8186E6109BA4E4403AEB364FB857A0F540336EABD43BDADF3CE515C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$wsc_reporter_lite::UpdateFwStatus
            • API String ID: 344959351-745734130
            • Opcode ID: 44825bbfbc004414de275995788501714e1ef3fe332d6c984e99546a2e411858
            • Instruction ID: edd352315d13028cb774d9971688b91965e6ee208c6f96e6d23a4232c260eab0
            • Opcode Fuzzy Hash: 44825bbfbc004414de275995788501714e1ef3fe332d6c984e99546a2e411858
            • Instruction Fuzzy Hash: 37412C32608B4296E710DBA5E8403EE7364FB897A4F500336EABD426E9DF3DE545CB41
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$wsc_reporter::UnregisterAvAndAs
            • API String ID: 344959351-1951739893
            • Opcode ID: 6e579fd3fcb645759468cd53387ea0702c36ee16ad8666fb997ebe331eedf665
            • Instruction ID: 075befe5ae920cd1aa3ee51f2352aa9a366006ded0921c317412476a28f92d1e
            • Opcode Fuzzy Hash: 6e579fd3fcb645759468cd53387ea0702c36ee16ad8666fb997ebe331eedf665
            • Instruction Fuzzy Hash: 58411B32608B8196D710EBA4E4503AE73A4FB857A4F500336EABC476E9DF3DE545CB81
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$wsc_reporter::UnregisterFw
            • API String ID: 344959351-3818477932
            • Opcode ID: 128c1c7cee10803c842158c9f9ed87a06bee8411a3cf0db5e2e18c93fbdac9ac
            • Instruction ID: f2e61855764b2281cd3720f6fb6879588c7cbc19660d4dc7fa3c57df470794c6
            • Opcode Fuzzy Hash: 128c1c7cee10803c842158c9f9ed87a06bee8411a3cf0db5e2e18c93fbdac9ac
            • Instruction Fuzzy Hash: 8F411C32608B4286D7109B94E4403AE7364FB857A4F500336EABC477D9DF3DE505CB81
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$windows_security_center_integration_epaas_module::RegisterHandler
            • API String ID: 344959351-653397644
            • Opcode ID: a2a1eb1d74012aa7e441f98baa77ae9107af08cd441eb0d0adfe1a23c8ad193b
            • Instruction ID: d6b053a5d2dea8d3bebc5f7c4916f137aba4b20b855c635df72ae8d865cbf7b6
            • Opcode Fuzzy Hash: a2a1eb1d74012aa7e441f98baa77ae9107af08cd441eb0d0adfe1a23c8ad193b
            • Instruction Fuzzy Hash: 0A410D32608B4296E710DB94E8403AEB364FB857A4F500336EABC43AD9DF3DE555CB81
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
            • String ID: $-> %s$windows_security_center_integration_epaas_module::AddVersion
            • API String ID: 344959351-3386970960
            • Opcode ID: aa444b1a4fbd2f0c208d8ccd130d1b6ec43078e70fd9c0e396f0e26044f132a0
            • Instruction ID: 484469166b9d53e772bd3f310238b13fedf621f0b9d0e10b163dad91cd4a0e0d
            • Opcode Fuzzy Hash: aa444b1a4fbd2f0c208d8ccd130d1b6ec43078e70fd9c0e396f0e26044f132a0
            • Instruction Fuzzy Hash: D2410A32608B4296E7109BA4E8403AE7370FB857A4F500336EABD426E9DF7DE555CB81
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
            • String ID: CONOUT$
            • API String ID: 3230265001-3130406586
            • Opcode ID: f373d316bf912c5ce75db15df45859944ef71327214485e6dc44c30b880405aa
            • Instruction ID: eba36e7aa3ec18f5b746dfba9fbb9e7a02da0124a4776566307a8779aaba7d5d
            • Opcode Fuzzy Hash: f373d316bf912c5ce75db15df45859944ef71327214485e6dc44c30b880405aa
            • Instruction Fuzzy Hash: B2119022B28A8286E7508B96F85532D72A0FB98FE4F140234EEAD87794CF7CD9448741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Library$Free$Load
            • String ID: LoadLibrary failed$SubscribeServiceChangeNotifications$UnsubscribeServiceChangeNotifications$sechost.dll
            • API String ID: 2391024519-3987211134
            • Opcode ID: 213591504c94b858ee4be66ade19af0ba1be4b95439bdf37136ba4dd233e2dc7
            • Instruction ID: 67d790a723336c41f7802b2173d874f5bb42a8c236745e8dcd3dd7c69b550071
            • Opcode Fuzzy Hash: 213591504c94b858ee4be66ade19af0ba1be4b95439bdf37136ba4dd233e2dc7
            • Instruction Fuzzy Hash: FD11FA36605B8291FA159F91E8503AD77A8FB88FC0F058236EA6D47748CF3CE551C381
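The records above are the Joe Sandbox IDA plugin's per-function similarity entries: an API profile, the strings the function references (printed as one `$`-separated field), and hashes over both. When triaging a report like this it is useful to pull those fields back into structured form, so that functions sharing one API profile (here, the many logging wrappers hashed to 344959351) can be grouped and the embedded `class::method` log tags listed in one place. The parser below is an added example written for this page, not code from Joe Sandbox; it assumes only the plain-text layout shown here, and its sample input is three records copied from this report.

```python
"""Parse Joe Sandbox "IDA Plugin / Similarity" records into structured data.

Added example, not part of the Joe Sandbox report.  It assumes the
plain-text layout seen on this page: each record starts with a line
"Similarity" followed by bullet lines such as "API ID:", "String ID:",
"API String ID:", "Opcode ID:" and "Instruction ID:".  The report prints
the referenced strings as one '$'-separated field, so an empty leading
element means the first string was empty.
"""
import re
from collections import defaultdict

# Constructed sample: three records copied from this report, in its own layout.
SAMPLE = """\
Similarity
• API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
• String ID: $-> %s$wsc_reporter::UpdateFwStatus
• API String ID: 344959351-2832709353
• Opcode ID: e00e07d5e6d5999baa1fefa1fa388ace27b2ff502389f86633b33a938f7fc347
• Instruction ID: 6a054f0b14075b4a4e6fdb4497a9a6bbabc59ffbab0f37d27942623c4f2ef342
Similarity
• API ID: ExclusiveLock_invalid_parameter_noinfo$AcquireReleaseSleepTimetime
• String ID: $-> %s$wsc_reporter::UnregisterFw
• API String ID: 344959351-3818477932
• Opcode ID: 128c1c7cee10803c842158c9f9ed87a06bee8411a3cf0db5e2e18c93fbdac9ac
• Instruction ID: f2e61855764b2281cd3720f6fb6879588c7cbc19660d4dc7fa3c57df470794c6
Similarity
• API ID: Library$Free$Load
• String ID: LoadLibrary failed$SubscribeServiceChangeNotifications$UnsubscribeServiceChangeNotifications$sechost.dll
• API String ID: 2391024519-3987211134
• Opcode ID: 213591504c94b858ee4be66ade19af0ba1be4b95439bdf37136ba4dd233e2dc7
• Instruction ID: 67d790a723336c41f7802b2173d874f5bb42a8c236745e8dcd3dd7c69b550071
"""

# A bullet line: "• <key>: <value>".  The key is matched lazily so that the
# first colon ends it and values containing "::" stay intact.
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")


def parse_records(text):
    """Split the text at each 'Similarity' header and collect its bullet fields."""
    raw, current = [], None
    for line in text.splitlines():
        if line.strip() == "Similarity":
            current = {}
            raw.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group("key")] = m.group("val")

    records = []
    for r in raw:
        # "API String ID" is "<api hash>-<string hash>"; keep both halves.
        api_hash, _, string_hash = r.get("API String ID", "-").partition("-")
        records.append({
            "apis": [a for a in r.get("API ID", "").split("$") if a],
            "strings": r.get("String ID", "").split("$"),
            "api_hash": api_hash,
            "string_hash": string_hash,
            "opcode_id": r.get("Opcode ID", ""),
            "instruction_id": r.get("Instruction ID", ""),
        })
    return records


def group_by_api_hash(records):
    """Group functions by API hash: the same hash means the same import
    profile, which on this page marks the repeated logging wrapper."""
    groups = defaultdict(list)
    for r in records:
        groups[r["api_hash"]].append(r)
    return dict(groups)


def symbol_like_strings(records):
    """Return the referenced strings that look like C++ qualified names
    (class::method); in this sample they are log tags naming the module."""
    found = {s for r in records for s in r["strings"] if "::" in s}
    return sorted(found)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for api_hash, members in group_by_api_hash(recs).items():
        print(api_hash, len(members), "function(s):", members[0]["apis"])
    print("log tags:", symbol_like_strings(recs))
```

Run against the full report text instead of `SAMPLE`, the same three functions give a quick inventory: how many distinct wrappers exist, which strings each one logs, and which records resolve imports by name at runtime (the `Library$Free$Load` profile with `sechost.dll` above).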
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ByteCharMultiStringWide
            • String ID:
            • API String ID: 2829165498-0
            • Opcode ID: 1ea21602743830af0283ae8f0bf1965baa2705426e8ec31bf502b91c6e44ea74
            • Instruction ID: dd7a6e9a3d44a9e8d7546d4436ae1ca6d49bfe2f11f7c144765859ddf1298084
            • Opcode Fuzzy Hash: 1ea21602743830af0283ae8f0bf1965baa2705426e8ec31bf502b91c6e44ea74
            • Instruction Fuzzy Hash: A8814A22B19B8286EB258F91D44076E66A1FB48BE8F140335EABD57BCCDF3CE4458701
            APIs
              • Part of subcall function 00007FF8E7D79470: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8E7D7949F
              • Part of subcall function 00007FF8E7DF5DF0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E34
              • Part of subcall function 00007FF8E7DF5DF0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E7A
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7D84971
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7D84977
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7D84D28
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$ExceptionFileHeaderRaise__std_exception_copy
            • String ID: Failed to load file$product_info
            • API String ID: 818104658-3597872723
            • Opcode ID: 09681dd53d2ebb1b8e1941a9568983a30ad1e5576848a727ac59940ca8621909
            • Instruction ID: fdabfb29126215f55f81ae11ce9843872ed023252ac516fe54f82aef3e9ec880
            • Opcode Fuzzy Hash: 09681dd53d2ebb1b8e1941a9568983a30ad1e5576848a727ac59940ca8621909
            • Instruction Fuzzy Hash: 06F1CE22B08B9281FA15DF95E4447AD73A6FB44BD4F854232DAAD07799DF3CE582C302
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
            • String ID:
            • API String ID: 2081738530-0
            • Opcode ID: 4321455e9b6da399b4bb0487acb35a90563691f1dac0d689aeddd9dab449dd15
            • Instruction ID: aad64a2250769a512293a0f59b3695d9e005fd4b270cc0be2f921a2bc451c89a
            • Opcode Fuzzy Hash: 4321455e9b6da399b4bb0487acb35a90563691f1dac0d689aeddd9dab449dd15
            • Instruction Fuzzy Hash: 59416A26B08B4781EB15DB9AE84126D67A4FB84FD0F084632DAAD037A9DF3CE541C302
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
            • String ID:
            • API String ID: 2081738530-0
            • Opcode ID: ef66f68efa0b8d7c3b45df9a0e7c751d6a755a05029be4315741585939102a5b
            • Instruction ID: 44117a80e09c8bf86273e32b90c1580c981a3a5e5180ba59e2d046a58ce61fc4
            • Opcode Fuzzy Hash: ef66f68efa0b8d7c3b45df9a0e7c751d6a755a05029be4315741585939102a5b
            • Instruction Fuzzy Hash: 66313E62B09A4281EA159FD9E4402BD63A1EB94BF0B984631DF7E437A9DF2CE4418312
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
            • String ID:
            • API String ID: 2081738530-0
            • Opcode ID: 2d4bc1f815dc689a098dbe5aeec95ff0520a6cf790fae1748e86ad1fabb61783
            • Instruction ID: 7574635244c22e39b8bb9d5c66c68622a6c74dd2fa70bc37d93f28ed721c488f
            • Opcode Fuzzy Hash: 2d4bc1f815dc689a098dbe5aeec95ff0520a6cf790fae1748e86ad1fabb61783
            • Instruction Fuzzy Hash: 23312F65B09A4281EB159FD5E4402BDA3A1EF94BE0F185232DE7E477A9EF3DE4418302
            APIs
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
            • String ID:
            • API String ID: 2081738530-0
            • Opcode ID: fa7d80cc6ed042c5b62dee8f83895e8ec59134dbb2bf02cf8310c2b238e0a349
            • Instruction ID: 3ddc93462dc6ca56859440d93a528d1785bbb92906aa2e3f18b26af0f99a4715
            • Opcode Fuzzy Hash: fa7d80cc6ed042c5b62dee8f83895e8ec59134dbb2bf02cf8310c2b238e0a349
            • Instruction Fuzzy Hash: DC313022B09A4381EA159FD5E4402BDA3A1FF94BE0F484631DEBE477A9DF3CE4418302
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID:
            • String ID: <error-not-found>$Desktop$app$safepay
            • API String ID: 0-428476861
            • Opcode ID: b1c808e0904eb3404bcc3c9aa9792d13f2377dd5264eda1cbd84e863f6e72132
            • Instruction ID: 3936868d8092f5e56caced0eac67c28b88efdb45308f7533403f3fea1581716d
            • Opcode Fuzzy Hash: b1c808e0904eb3404bcc3c9aa9792d13f2377dd5264eda1cbd84e863f6e72132
            • Instruction Fuzzy Hash: 8DB19A62F18A4285EB049FA5D4402BD3771FB48BE8F449622DE6D13A99DFBCE4E1C301
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Concurrency::cancel_current_task
            • String ID: false$true
            • API String ID: 118556049-2658103896
            • Opcode ID: 9f434fc32bcad0e9e85458bfebfef8fe8f0d7871906ab4b145c9a9d261e375e9
            • Instruction ID: f07b4cfee51c7048e7ee8c683d6e64f5c946840667d4605c3da8a4584a30662d
            • Opcode Fuzzy Hash: 9f434fc32bcad0e9e85458bfebfef8fe8f0d7871906ab4b145c9a9d261e375e9
            • Instruction Fuzzy Hash: 32917622B19A4699EB109FA1D4402AD33B9FB48BC8F454235DE6C97B8DEF3DD506C341
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D803C8
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$FW function call failed because product is not registered. Retrying with registration.$fw_reporter::execute_with_registration_if_needed
            • API String ID: 3860382505-422381607
            • Opcode ID: 86bf3b87a9de2ea28286e5bcaf6a64063d2df8269eadb8800833029a00ee25c8
            • Instruction ID: 03268feeb5b5f828b1ae39fa122a17cdff714a99c3ffb475a63aee9758e469ae
            • Opcode Fuzzy Hash: 86bf3b87a9de2ea28286e5bcaf6a64063d2df8269eadb8800833029a00ee25c8
            • Instruction Fuzzy Hash: B5916232B09B469AF710DBA4E4803AE73A0FB847A4F500635EAAD537A9DF3CE541C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D72FC8
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$AS function call failed because product is not registered. Retrying with registration.$as_reporter::execute_with_registration_if_needed
            • API String ID: 3860382505-677251469
            • Opcode ID: d5652c5899a51bab8a64ad604b632da47d4b69bc03d6b13ade1ea9d0fc098882
            • Instruction ID: 3dfc4743c5b4447d1b5d2ea64841b223c58087d58060d4323d98bbb08664bd0b
            • Opcode Fuzzy Hash: d5652c5899a51bab8a64ad604b632da47d4b69bc03d6b13ade1ea9d0fc098882
            • Instruction Fuzzy Hash: 5A916132709B8296E710DBA4E4803AE73A0FB847A4F500635EEAD53BA9DF3DE551C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D7E727
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$Could not unregister the FW. Error $fw_reporter::unregister_from_wsc
            • API String ID: 3860382505-2892152727
            • Opcode ID: cc5d9d3f0d1ed7129e82dda1ab7dfdc029e4f2627467e9f24ca952ecf0538c1e
            • Instruction ID: 58286be6591e31ddf47171ccc8624baf8aae4a8bd01b6be128fa16454ccc403d
            • Opcode Fuzzy Hash: cc5d9d3f0d1ed7129e82dda1ab7dfdc029e4f2627467e9f24ca952ecf0538c1e
            • Instruction Fuzzy Hash: 24915232B09B8296E710DBA4E4403AE7764FB857A4F500635EEAD43BA9DF3CE541C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D72707
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$Could not unregister the AS. Error $as_reporter::unregister_from_wsc
            • API String ID: 3860382505-3357004189
            • Opcode ID: d1a2397ff5cf34f9d422e55ab80807f881079ef1b544c57c37c40bf93442af80
            • Instruction ID: ffa19783e2be487780fd1979fd36854021f71a316780517fadfc0de801c981e2
            • Opcode Fuzzy Hash: d1a2397ff5cf34f9d422e55ab80807f881079ef1b544c57c37c40bf93442af80
            • Instruction Fuzzy Hash: C6917132B09B8286E710DBA4E8403AE7770FB847A4F540635EAAD43BA9DF7CE541C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D7B0B7
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$Could not unregister the AV. Error $av_reporter::unregister_from_wsc
            • API String ID: 3860382505-3038971805
            • Opcode ID: 1cf3777540b34b279add336ee1f2bea1cf56186a7904b9ca8263bea25f934e54
            • Instruction ID: e39f52ea3106c76c1c1f1d969e08dcfb586c0e070a6abe89634d489b23d42a0f
            • Opcode Fuzzy Hash: 1cf3777540b34b279add336ee1f2bea1cf56186a7904b9ca8263bea25f934e54
            • Instruction Fuzzy Hash: EF914232A09B8196E710DBA4E8403AE7774FB857A4F500635EEAD43BA9DF3CE541C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D88677
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$Could not create the serial execution. Error: $win_fw_ownership::initialize_serial_execution
            • API String ID: 3860382505-3659787877
            • Opcode ID: 77721a959ffa6eed10f3d20dd17757ee270da7d533cae479b4a8a5ef654950cd
            • Instruction ID: 8fd1f13608de9f385f35a7031b1618dcae32e1b6dede85fe5c254a3c9d571631
            • Opcode Fuzzy Hash: 77721a959ffa6eed10f3d20dd17757ee270da7d533cae479b4a8a5ef654950cd
            • Instruction Fuzzy Hash: A0919232A19B8286E710DBA4E8403AE7770FB847A4F500635EAAD43BA9DF3CE551C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DD7438
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$Post event failed; err=$wsc_telemetry::post_event
            • API String ID: 3860382505-455864069
            • Opcode ID: 0911d42ba0882024a28310145d926dc7110e892cf5cc86986a86b37a12fe9e12
            • Instruction ID: c27745800c286f90feb6ea0226d47413deea6430a219a85d40415bf37b9028d9
            • Opcode Fuzzy Hash: 0911d42ba0882024a28310145d926dc7110e892cf5cc86986a86b37a12fe9e12
            • Instruction Fuzzy Hash: 1B816032A09B8296E710DBA4E8403AE7760FB847B4F500735EAAD43BA9DF3CE545C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
            • String ID: out_of_range
            • API String ID: 1944019136-3053435996
            • Opcode ID: e18ef67919c138e366144328a00511938bc197e06932f30011ffe871b1da3974
            • Instruction ID: e4c0e668087899f5566296ed0a024dc799cd5faf1061c8dd0c3f60dbbbb43805
            • Opcode Fuzzy Hash: e18ef67919c138e366144328a00511938bc197e06932f30011ffe871b1da3974
            • Instruction Fuzzy Hash: ED717D62B18B428AEB04CFA9D4803AC3361EB48BE8F509631DA6D577D9DF7CE495C341
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: SZ_PRODUCT_NAME$product_info$wsc
            • API String ID: 3668304517-1149581336
            • Opcode ID: 3a9cdae9500f661829fd6db54db423c3c3417c87e11b7b3b94345bc1f67bb2bf
            • Instruction ID: 7f554531d3dde1dbe7de31c9e26ac46e48e788934076c9d51f2aabf5a93e4005
            • Opcode Fuzzy Hash: 3a9cdae9500f661829fd6db54db423c3c3417c87e11b7b3b94345bc1f67bb2bf
            • Instruction Fuzzy Hash: 18717B62B18A42A9FF00DBA9D8453AD2362AB44BE8F404731DEBD17ADDDE3CE145C345
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Library$ErrorFreeLastLoad
            • String ID: \settings\wsccommunicator_plugins.xml
            • API String ID: 2857588900-1588677065
            • Opcode ID: 4c088bd23ffbe014d5b7bde4b315025b22a102a850f552fa8f4181ddbb39c3cf
            • Instruction ID: d677dd91093bd37cf06f7e02b6b2b5334dbd6f747053b304675d64672f47dc10
            • Opcode Fuzzy Hash: 4c088bd23ffbe014d5b7bde4b315025b22a102a850f552fa8f4181ddbb39c3cf
            • Instruction Fuzzy Hash: 0871BF22B18A8181EE11EBA4E0953BE6361FF847D4F504335E7BD46AEEDF6CE5818701
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB36A8
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$module_type$wsc_command_communication_provider::launch
            • API String ID: 3860382505-1078913699
            • Opcode ID: ea63fc5a0736adbd4cfd9df1194983d886d85229809e55bfaa1512b4c6f77a17
            • Instruction ID: b294cd48051b45c0942b344afe15b752f3d6ed8ff526880e6f11cfc88a13e20e
            • Opcode Fuzzy Hash: ea63fc5a0736adbd4cfd9df1194983d886d85229809e55bfaa1512b4c6f77a17
            • Instruction Fuzzy Hash: 55814036B08A4296EB10DB6AE84036E7370FB88B94F544632DBAD437A9DF3CD455C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB33E8
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$module_type$wsc_command_communication_provider::update
            • API String ID: 3860382505-2715584558
            • Opcode ID: bd19668e1a773b2ecc22357cec4acd5dccfce10c0564ce2a256837137f8e5078
            • Instruction ID: 83dd789ab58c5695070ecb48254c7d0f7d89d2c6a8472b5e5873fdd92229a016
            • Opcode Fuzzy Hash: bd19668e1a773b2ecc22357cec4acd5dccfce10c0564ce2a256837137f8e5078
            • Instruction Fuzzy Hash: B8814132B08A4296DB10DB69E88036E77A0FB88B94F544632DBAD437A9DF3CD455C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB3128
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$module_type$wsc_command_communication_provider::enable
            • API String ID: 3860382505-3394860388
            • Opcode ID: 0d3746bab242fc3de80ac40f4fc4f25f5d2c2de4d4723a784767dfa9fc32e9a4
            • Instruction ID: b16b5680aa72e2a640516c51b6b9a15d74daafd9ac7d947fabd602fb84123ef1
            • Opcode Fuzzy Hash: 0d3746bab242fc3de80ac40f4fc4f25f5d2c2de4d4723a784767dfa9fc32e9a4
            • Instruction Fuzzy Hash: 3E812E32708A4296EB10DB6AE88036E73B0FB88B94F544632DBAD437A9DF3CD455C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DC2323
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7DC254C
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTime_invalid_parameter_noinfo_noreturntime
            • String ID: $-> %s$wsc_communicator_launcher_plg::init
            • API String ID: 983007448-3503075372
            • Opcode ID: 5589135ce10748fffabe1fa1247ffadd5edd4c412e6c55a26e9220a10d193b6e
            • Instruction ID: d0762f436419db365b245b207a9b13e8b139175c3185006278480f647cd4c2d8
            • Opcode Fuzzy Hash: 5589135ce10748fffabe1fa1247ffadd5edd4c412e6c55a26e9220a10d193b6e
            • Instruction Fuzzy Hash: 48515A72B08B4296EA149BA5E4503AE6364FB847E4F504332EABD477DADF3CE501C742
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Value
            • String ID: ; err=$helpers::write_last_sent_time_to_reg$last_event_time$write to reg
            • API String ID: 3702945584-3423699521
            • Opcode ID: 55dabdc725b698fda04a63b4d23ba7ec147cbb9748768879bc289b0505208d67
            • Instruction ID: d648d607f1b39ca61594657efc3fc7edbcd531c07bd59e7e679c2fbda6e7c55e
            • Opcode Fuzzy Hash: 55dabdc725b698fda04a63b4d23ba7ec147cbb9748768879bc289b0505208d67
            • Instruction Fuzzy Hash: 54616E32A19B8296E740CBA4E8802AD77B0FB847D4F540635EAAD53BADEF3CD454C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
            • String ID: other_error
            • API String ID: 1944019136-896093151
            • Opcode ID: 194078ac34f84e668632ec424635863dbd4873d699ab95ed0151403adf34a89e
            • Instruction ID: 6801104bcb6930db3398940ecd6b65d76f9dc27d5e384a599487a9f8a02f08d0
            • Opcode Fuzzy Hash: 194078ac34f84e668632ec424635863dbd4873d699ab95ed0151403adf34a89e
            • Instruction Fuzzy Hash: 1B518E22B18B4299FB049FA4D4543AC2361EB597D8F404731EA7C53ADAEF7CE1A4C345
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
            • String ID: invalid_iterator
            • API String ID: 1944019136-2508626007
            • Opcode ID: 5d4b35c0580cb16dce36868c87fddc8a2da8cfe010a20eeab7d5fb5982f7c2c8
            • Instruction ID: 8e8c6a0813171a17be9b64c5ba273166dcfe5848d1b7edf6c32e3e8bcfecc803
            • Opcode Fuzzy Hash: 5d4b35c0580cb16dce36868c87fddc8a2da8cfe010a20eeab7d5fb5982f7c2c8
            • Instruction Fuzzy Hash: F1518B62B18B428AFB04CFA4E4443AC2362EB45B98F405731DA7D56ADAEF7CE194C341
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
            • String ID: type_error
            • API String ID: 1944019136-1406221190
            • Opcode ID: 603db9cd184f7f2ad7bdb7b8cae1e46b527934a082a55651a621933e1418a646
            • Instruction ID: b62a21dda271a7c4eb9e73e928db04a26bd1a98ae10f4442452a781e3c224aad
            • Opcode Fuzzy Hash: 603db9cd184f7f2ad7bdb7b8cae1e46b527934a082a55651a621933e1418a646
            • Instruction Fuzzy Hash: 9E517B62B18B4289FB04DFA4E4443AC2362EB54BE8F409731DA7D13ADADF7CA194D345
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ConvertErrorFreeLastLocalSleepString
            • String ID: ConvertSidToStringSid failed err = $sid_to_str
            • API String ID: 1890500361-3037493536
            • Opcode ID: 98e0fe6eb657fbf0d582fa49c9e5869469b747a69d4709cc1bb32b44560e809a
            • Instruction ID: 23bbcd350e88d19acef8d8f5aa40c617ba54c70a33592b8c38b24874a7bc7e58
            • Opcode Fuzzy Hash: 98e0fe6eb657fbf0d582fa49c9e5869469b747a69d4709cc1bb32b44560e809a
            • Instruction Fuzzy Hash: A5514C32A09B4296E7108BA1E48036D77B4FB44BB4F544235EAAD13BA9DF3CE551C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DD0D21
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            • FreeLibrary.KERNEL32 ref: 00007FF8E7DD0E6F
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo$FreeLibrarySleepTimetime
            • String ID: $-> %s$wsc_reporter::Stop
            • API String ID: 1499371138-2622584797
            • Opcode ID: 549b9dc28bd8748130ca91ad8e627fea03cf5346bd14f20862963ae7877271a2
            • Instruction ID: 47d84faabaf90c10f5f20496de68b066219511949f9c32e85af55b8e943a3624
            • Opcode Fuzzy Hash: 549b9dc28bd8748130ca91ad8e627fea03cf5346bd14f20862963ae7877271a2
            • Instruction Fuzzy Hash: DE516F31B09B4686EA14DBA5E4403AE6364FB89BE0F544732EBAD07B99CF3CE451C741
            APIs
            Strings
            Similarity
            • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
            • String ID: bad locale name
            • API String ID: 2967684691-1405518554
            • Opcode ID: 6c443aa8e48061aab8e4c7500e30dbe0008e6a9ed1fb63f9581d57c2165e6d2f
            • Instruction ID: 7c62a605b4ca012ad1fdf4a34cc7a41dc6736b281d1e9fe245eeb3438fe9cea6
            • Opcode Fuzzy Hash: 6c443aa8e48061aab8e4c7500e30dbe0008e6a9ed1fb63f9581d57c2165e6d2f
            • Instruction Fuzzy Hash: 76517522F09B818AEB14CFB0D4503AC33B5AF94798F044635DE6D27A5ADF3CA566C305
            APIs
            Strings
            Similarity
            • API ID: AddressErrorLastProcSleep
            • String ID: . Error: $Could not load function $service_change_notification::load_function
            • API String ID: 299661913-3203449335
            • Opcode ID: 3d04183b9e5a492bf5e2fc738588a2146843c3a7128a5886b5d2f1131dc07d1f
            • Instruction ID: 605d2b29def4be02dd67033e7106671ff007b137b25510c3a9b2f7d396fa89bc
            • Opcode Fuzzy Hash: 3d04183b9e5a492bf5e2fc738588a2146843c3a7128a5886b5d2f1131dc07d1f
            • Instruction Fuzzy Hash: D5514D32B18B4295F720DBA0E4802AD77A4FF84B94F540235EAAD537A9DF3CD545CB42
            APIs
            • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00007FF8E7DCC322), ref: 00007FF8E7DCC3FF
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            • CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00007FF8E7DCC322), ref: 00007FF8E7DCC4A6
            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00007FF8E7DCC322), ref: 00007FF8E7DCC4AF
            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00007FF8E7DCC322), ref: 00007FF8E7DCC4C2
            Strings
            Similarity
            • API ID: CloseCreateCriticalErrorEventHandleInitializeLastSectionSleep
            • String ID: CreateEvent failed
            • API String ID: 439794563-176999938
            • Opcode ID: b99ff219bb3bdc6f0725465208def0c77c88a85fea623ec2415b498e5809685b
            • Instruction ID: d78ec26aad37be2f4f80d96c7f7ddfd426c7ff1524010ab585da53d3fcb8a36f
            • Opcode Fuzzy Hash: b99ff219bb3bdc6f0725465208def0c77c88a85fea623ec2415b498e5809685b
            • Instruction Fuzzy Hash: 95513733609B8196E7108F64E88479D73A8FB44B48F648235CB9D17728EF7CE4AAC345
            APIs
            Strings
            Similarity
            • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
            • String ID: bad locale name
            • API String ID: 2967684691-1405518554
            • Opcode ID: e71bd2a2ab88c33e779b4c7399c7e251f069b365227cc27ea6a98d78d0d42e8a
            • Instruction ID: f726fa74b4af4e362da85965edb74078ea1858162f9f3c4b5e3fb415cf7d5c09
            • Opcode Fuzzy Hash: e71bd2a2ab88c33e779b4c7399c7e251f069b365227cc27ea6a98d78d0d42e8a
            • Instruction Fuzzy Hash: A6416922B0AB8199FB14DFB1D4903AC33B5AF40784F044235DF6D22A5ADE3CD5169306
            APIs
            Strings
            Similarity
            • API ID: AddressErrorLastProc_invalid_parameter_noinfo_noreturn
            • String ID: epaas_response_create_with_data$failed dll::get_proc
            • API String ID: 3294902964-1797907164
            • Opcode ID: c979153403bf59e0cce425a3c2cb6f13971d0768b7675a9e8a520470e478e467
            • Instruction ID: 7ec53e7842eb8bf20a16db752c8d8cc311d3b9faad13c41f5f9666a72f0e7fc1
            • Opcode Fuzzy Hash: c979153403bf59e0cce425a3c2cb6f13971d0768b7675a9e8a520470e478e467
            • Instruction Fuzzy Hash: 3A318F23A18B8292EA20CB64E44036D7760FB98BD4F504231EBAC03BA9DF7CE595C701
            APIs
            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E7D94C9C), ref: 00007FF8E7D9A776
            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E7D94C9C), ref: 00007FF8E7D9A785
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7D9A873
            Strings
            Similarity
            • API ID: AddressErrorLastProc_invalid_parameter_noinfo_noreturn
            • String ID: epaas_response_create$failed dll::get_proc
            • API String ID: 3294902964-1091962615
            • Opcode ID: 691297718d8e4450d149f0bfe665b3888c7c17496e19361fcd624cbb473ac443
            • Instruction ID: 25492ebfce8b9db55687cc4090baa4855d6257dcf250447cf3aad1e693788244
            • Opcode Fuzzy Hash: 691297718d8e4450d149f0bfe665b3888c7c17496e19361fcd624cbb473ac443
            • Instruction Fuzzy Hash: 6C316F23A18B8692EA20CB64E44036D7760FB98BD4F505235EBAC03BA9DF7CE595C701
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D8C4D1
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$WinFwSetStat$win_fw_ownership::save_last_set_win_fw_status
            • API String ID: 3860382505-1644270488
            • Opcode ID: 60daa6109275d109dc3f25deba4dc0389f8de5c9969955f33e77a8f6def507d5
            • Instruction ID: edbdf9e460dff7e18a385a35c2fd3327461674157650cf71b86b47191d705aa2
            • Opcode Fuzzy Hash: 60daa6109275d109dc3f25deba4dc0389f8de5c9969955f33e77a8f6def507d5
            • Instruction Fuzzy Hash: 96412B72608B4296E7109B94E8403AEB360FB857A4F500332EABC476E9DF3DE545CB81
            APIs
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_exception_copy
            • String ID:
            • API String ID: 3630682930-0
            • Opcode ID: a2b04af165a8c467580944c73364bd789b7b25b5de8beb4275d095d74b9906e0
            • Instruction ID: 94dfba18eb388f49c053255e442a699e5e45ef880dd5c5e13419bc1e518a4667
            • Opcode Fuzzy Hash: a2b04af165a8c467580944c73364bd789b7b25b5de8beb4275d095d74b9906e0
            • Instruction Fuzzy Hash: 18717D22B09B4199EB049FA5D4403AC6361EB48BD8F409731EEAD1779AEF7CE590C341
            APIs
            Similarity
            • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$FileModuleName
            • String ID:
            • API String ID: 2805837667-0
            • Opcode ID: 9c38639f955a1754eb4c3cad3c8a0e8c4c2b8d1002b134207ca453979fb8e1ce
            • Instruction ID: 593531a79d6d7b0e5702f362e37071344d3934172b96bad46ef567dc6ba4f6fd
            • Opcode Fuzzy Hash: 9c38639f955a1754eb4c3cad3c8a0e8c4c2b8d1002b134207ca453979fb8e1ce
            • Instruction Fuzzy Hash: D7814362A28BC182EB508F64E44436E73A5FB947D4F509235EBEC42A99DF7CE095CB01
            APIs
            Similarity
            • API ID: _set_statfp
            • String ID:
            • API String ID: 1156100317-0
            • Opcode ID: fd0166797cb0c1687adfea73ec01de8433b8d7c644e3fc75a32185d2adfb865a
            • Instruction ID: e03913fb312e4006772c91d2aedbfc4696d5240d5076201bc85e05924b845059
            • Opcode Fuzzy Hash: fd0166797cb0c1687adfea73ec01de8433b8d7c644e3fc75a32185d2adfb865a
            • Instruction Fuzzy Hash: 4B51E913D0898785E26A9BB8E81037F6350BF42FE4F144235E9FE665D5DF3CA4938602
            APIs
            Similarity
            • API ID: CloseHandleService$Free$LibraryString
            • String ID:
            • API String ID: 1330875019-0
            • Opcode ID: 65cd4dff6c166a1f3024e9aacbc9a5227f8bbea4e0090bf656d96a21a8f7b88f
            • Instruction ID: 030d2bccf93d641bfb95f6cd7f5e6217798472ed4154df64b1b357343ea1ed59
            • Opcode Fuzzy Hash: 65cd4dff6c166a1f3024e9aacbc9a5227f8bbea4e0090bf656d96a21a8f7b88f
            • Instruction Fuzzy Hash: 0141F536B0AA8686EB559FA9D89036C7360FF49FC4F088535CA6E17768CF6CE844C341
            APIs
            Similarity
            • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
            • String ID:
            • API String ID: 2067211477-0
            • Opcode ID: 891e02c0382e5e6effd01d0be349ad4e1d4afebf704675c463acd150b857da2c
            • Instruction ID: 81ed0713b42a9e66325caafe8abfac1dc72972f3d3368ef0e5141b835aca1e7e
            • Opcode Fuzzy Hash: 891e02c0382e5e6effd01d0be349ad4e1d4afebf704675c463acd150b857da2c
            • Instruction Fuzzy Hash: 19216F26B0D78386EE19EFE2E41027D6298AFC4FC0F044631EE6D47799DE3CE4408652
            APIs
            Similarity
            • API ID: _set_statfp
            • String ID:
            • API String ID: 1156100317-0
            • Opcode ID: ac0d96e36f08d6b2484f0be4cfa7beb5228cb8d89e2ee821a68ca9cb3e671cb7
            • Instruction ID: f2c3fd10fcfa741c3ee1282cd1d9d0a518db1c0decdb87fa8c41d1b87556043d
            • Opcode Fuzzy Hash: ac0d96e36f08d6b2484f0be4cfa7beb5228cb8d89e2ee821a68ca9cb3e671cb7
            • Instruction Fuzzy Hash: 3F11C262E5CA2302F6E411E8E45337D11406F55BF4F088A35EAFED62F6CE1CA9429343
            APIs
            Strings
            Similarity
            • API ID: CreateErrorLastThreadpoolTimer
            • String ID: failed to alloc timer context$failed winapi::thread_pool::make_timer
            • API String ID: 1405359104-804225053
            • Opcode ID: 281fbed876f337af101e44b1b8c30f54c501f8c6daa9aa05a08d617e0843dd94
            • Instruction ID: b7fc46f11520c55177fc53393392d3fd2494bf984cc1e9444e2a9e41f9ad2100
            • Opcode Fuzzy Hash: 281fbed876f337af101e44b1b8c30f54c501f8c6daa9aa05a08d617e0843dd94
            • Instruction Fuzzy Hash: 50C17A22B19B9695EB10CBA5E8803BD2770FB84BC8F145235EE9D13A69DF3CE595C301
            APIs
            Strings
            Similarity
            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
            • String ID: helpers::cleanup::clear_old_wsc_guids$helpers::cleanup::details::clear_old_wsc_guids_from_wmi
            • API String ID: 73155330-398510618
            • Opcode ID: e73a23d65707198d23dd38acd209ce5756dd43b5cf3e9afba4206127537a155e
            • Instruction ID: 267611d3d2dc03815c22e340129f961b7b6ac65f80be58f8dd21c4488b24bd09
            • Opcode Fuzzy Hash: e73a23d65707198d23dd38acd209ce5756dd43b5cf3e9afba4206127537a155e
            • Instruction Fuzzy Hash: 2D917762B08B8581EA258F99E4443AD73A4FB58BD8F558331DFAC03799DF7CE5928301
            APIs
              • Part of subcall function 00007FF8E7D82600: GetModuleFileNameW.KERNEL32 ref: 00007FF8E7D82680
              • Part of subcall function 00007FF8E7D82600: GetLastError.KERNEL32 ref: 00007FF8E7D8268E
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7DCA800
            Strings
            Similarity
            • API ID: ErrorFileLastModuleName_invalid_parameter_noinfo_noreturn
            • String ID: <norestart>$Load crash handler failed$dll::get_foldername failed
            • API String ID: 4139909131-3014219687
            • Opcode ID: a0b7f82c4a164237f2428ee918d0aabe899bebaeb1b607abe57a4d20433e95af
            • Instruction ID: 3d929ac24d3683ffa43893523367a624242e01e777647698cbc6add7e97d02bb
            • Opcode Fuzzy Hash: a0b7f82c4a164237f2428ee918d0aabe899bebaeb1b607abe57a4d20433e95af
            • Instruction Fuzzy Hash: 8D714E22A18B8596EB10CBA4E4453AD7374FB887D8F105325EEEC12AA9DF7CE581C701
            APIs
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: failed convert error description utf8_to_utf16
            • API String ID: 3668304517-3156949349
            • Opcode ID: 32700df1b1596abc27372c634036d3d1634f5a7c34b58dc8381c2a5eb25a3740
            • Instruction ID: cee413825fc1e3e1127d28288e863417ffe20d8f775357585a059cb0a1d51dec
            • Opcode Fuzzy Hash: 32700df1b1596abc27372c634036d3d1634f5a7c34b58dc8381c2a5eb25a3740
            • Instruction Fuzzy Hash: 99516A62F18A819AEB14CFA8E4853AC2361EB447E8F005731DA6D17BE9DF7CE194C341
            APIs
            Strings
            Similarity
            • API ID: ErrorLastQueryServiceSleepStatus
            • String ID: Could not query the service limited status. Error $helpers::services::query_limited_status
            • API String ID: 260879946-4251040822
            • Opcode ID: 4fe7f371e32ca84406b5e3c7d755805afabbe024c38479101cbecc9fd4647c29
            • Instruction ID: d3e47fb7e79bf67a8a37bc8d26ead31c75748c187bb819587ddf062f043b7ba0
            • Opcode Fuzzy Hash: 4fe7f371e32ca84406b5e3c7d755805afabbe024c38479101cbecc9fd4647c29
            • Instruction Fuzzy Hash: 08616D32B19B829AE710CBA4E4803AE77B4FB85794F500235EAAD53B69DF3CD445C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB6F8E
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_collector::uninitialize_plugins
            • API String ID: 3860382505-1974679079
            • Opcode ID: 921c8ca7710e02dfdf91a1eebf7fe9d208d7e4dc202fd9ab3b8c2230bd01e8a0
            • Instruction ID: b972f9de9f6751b8434e92b310b29217d2976a551eb6de988671420bb4540f90
            • Opcode Fuzzy Hash: 921c8ca7710e02dfdf91a1eebf7fe9d208d7e4dc202fd9ab3b8c2230bd01e8a0
            • Instruction Fuzzy Hash: 43613932609B4286EB10DF64E8803AE73A0FB85BE4F544236DA6C477A8DF3DD885C751
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Value
            • String ID: ; err=$helpers::write_dword_to_reg$write to reg
            • API String ID: 3702945584-2388879816
            • Opcode ID: 0b178b62fb36bd1c27453f8b4bc4934da07c2d375f06cc788da38cbb1f8d05d9
            • Instruction ID: 27eb88ba3114f97531782d3d8d8312fdfcf2ebc2e13c3da10c45241f72120bba
            • Opcode Fuzzy Hash: 0b178b62fb36bd1c27453f8b4bc4934da07c2d375f06cc788da38cbb1f8d05d9
            • Instruction Fuzzy Hash: AD615F32A18B428AE750CBA4E4802AD77B4FB847D4F540235EBAE527ADDF3CD594C781
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB75FE
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_collector::unregister_listeners
            • API String ID: 3860382505-3974979308
            • Opcode ID: e75fe0971672a2c1ceef321a30ae5e8c20fb9bbd83974766642a1d7324bdfb3c
            • Instruction ID: 18ac2dea6a65f5da79500ffcf83a9fad247f9763bda3deda0794003d80c4b1bf
            • Opcode Fuzzy Hash: e75fe0971672a2c1ceef321a30ae5e8c20fb9bbd83974766642a1d7324bdfb3c
            • Instruction Fuzzy Hash: 11516D32708B4286EB10CFA5E4803AD7364FB84BA4F544236DAAD47BA8DF3CD444C741
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
            • String ID: bad locale name
            • API String ID: 2775327233-1405518554
            • Opcode ID: 1c1444e7e95c9f40254f9c0b35bd7b9ada31a9cc004fee8aff5b861b5087cdbf
            • Instruction ID: ce4ec8827c7a72cb9879cc76f66c937de19ace44307299dc46697f2e87ad8b40
            • Opcode Fuzzy Hash: 1c1444e7e95c9f40254f9c0b35bd7b9ada31a9cc004fee8aff5b861b5087cdbf
            • Instruction Fuzzy Hash: 2E418A22B0AA4199EB14DFB1D4913EC33B4EF44788F080535EE6D67A5DDE3CD5269306
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
            • String ID: bad locale name
            • API String ID: 2775327233-1405518554
            • Opcode ID: 0885bdeb48bff71c486be85b94fc703e9b000333f9b9612ccd2745269d11fffa
            • Instruction ID: 8fce51d58a202f4ba10b0eefe10dc1516e38c6c0872c926f4301872c9bcddadb
            • Opcode Fuzzy Hash: 0885bdeb48bff71c486be85b94fc703e9b000333f9b9612ccd2745269d11fffa
            • Instruction Fuzzy Hash: 5D414832B0AA4189EB14DFB1D4903AC33A4EF44B88F084635DE6D67A5EEE3CD5169306
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DD1357
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_reporter::InitiateAvOfflineCleaning
            • API String ID: 3860382505-294364611
            • Opcode ID: b06e2a2fc459ac6972fbed537ed8e941d57d2d899dabf103e1fd94a7367a8b17
            • Instruction ID: 0a83cfbd7539436a699ff735a23a670ff9f3ca73f0303c5c44b2b6724307d558
            • Opcode Fuzzy Hash: b06e2a2fc459ac6972fbed537ed8e941d57d2d899dabf103e1fd94a7367a8b17
            • Instruction Fuzzy Hash: D4516F32A08B8296E7109B94E4403AE73B0FB84794F544236EBAC57B99DF3DE545CB81
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7D9804E
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$windows_security_center_integration_epaas_module::uninitialize_provider
            • API String ID: 3860382505-872040887
            • Opcode ID: 73c46ae85c2a2dac1e8397d3e2a611c01f56b72a647dc20c35b01cb4b42f0f09
            • Instruction ID: 0a0c061bd6a859d0e2160a8bcaa685a814faaac347eb4f7733026523b2ca566f
            • Opcode Fuzzy Hash: 73c46ae85c2a2dac1e8397d3e2a611c01f56b72a647dc20c35b01cb4b42f0f09
            • Instruction Fuzzy Hash: 5F413032608B4286E710DF64E8403AE73B0FB85BA4F504236EAAD437A9DF7DD555C741
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DD6ED4
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_telemetry::post_report_result
            • API String ID: 3860382505-4212980224
            • Opcode ID: ed07b41336691dbe8b331023dcbb54f36cb0db51f984b31e08ade421455ec068
            • Instruction ID: 37383a4e5d6d5d4b7e34ede97fc85fe566b8c44758bba726de509f3f70d23e9f
            • Opcode Fuzzy Hash: ed07b41336691dbe8b331023dcbb54f36cb0db51f984b31e08ade421455ec068
            • Instruction Fuzzy Hash: 58414C32608A8286E7209BA4E8403EE73A0FB847A4F540736EABD476D9DF3DD555CB41
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBCFFE
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_status_communication_provider::UnInit
            • API String ID: 3860382505-3685404342
            • Opcode ID: 9d6fce3500f282a4d48925f95bed3688ceaabbda101d330da72c73561503512c
            • Instruction ID: 8e30187deafc471db64af11568ca60fe8c3ff43ad92cebaf78a89477a4527e2a
            • Opcode Fuzzy Hash: 9d6fce3500f282a4d48925f95bed3688ceaabbda101d330da72c73561503512c
            • Instruction Fuzzy Hash: BA410A72608B4186E7109B64E8403AE73B4FB85BA4F504336EAAC437A9DF3DE555CB81
            APIs
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            • timeGetTime.WINMM ref: 00007FF8E7DA2F04
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_command_communication_peer::ProcessCommandLine
            • API String ID: 3860382505-684908108
            • Opcode ID: e50c6184271f00d88b1d7bbd11e0d244511cb704d41d2289434d66700d7b1739
            • Instruction ID: e021efb4184ea39373056dfc37e21f68e888b580d5957e58a17ff20ddc0b17ac
            • Opcode Fuzzy Hash: e50c6184271f00d88b1d7bbd11e0d244511cb704d41d2289434d66700d7b1739
            • Instruction Fuzzy Hash: F8414D32608B429AE710AB95E8413EE7360FB857A4F500732EABC436DADF3DE545C742
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBA90E
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_status_communication_peer::Start
            • API String ID: 3860382505-3855984393
            • Opcode ID: 438623377673e56f794d9e4823894d3ddc80e01a043e3b3fd309c408b84e9b82
            • Instruction ID: 5cea15881206234a7d3475b34b5b907cc1f3a67823da92875efcd14609ef7c82
            • Opcode Fuzzy Hash: 438623377673e56f794d9e4823894d3ddc80e01a043e3b3fd309c408b84e9b82
            • Instruction Fuzzy Hash: E2410931608B4296E710DB94E9803AE7360FB857A4F500736EABD43699DF3DE545CB81
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBD4A3
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_status_communication_provider::Stop
            • API String ID: 3860382505-1854121952
            • Opcode ID: 43493113ea8fe9cb976ec2b032def1b28a0d047d8b28ae7122127450c4c8862a
            • Instruction ID: b7bb386db323b706c63cd8b9db34fdff032cb58d82d0d6dc59667072a28ac920
            • Opcode Fuzzy Hash: 43493113ea8fe9cb976ec2b032def1b28a0d047d8b28ae7122127450c4c8862a
            • Instruction Fuzzy Hash: 61412A32608B4196E310DBA4E4443AE73A4FB857A4F500336EABC43AD9DF3DE555CB81
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBAFA9
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_status_communication_peer::InitiateAvOfflineCleaning
            • API String ID: 3860382505-1431980871
            • Opcode ID: 5ab981e92efd6e3845e7febe22193f182a726e32a4071c6a7011ae73c628aaa3
            • Instruction ID: ff649778991b101720a0ed75c84073b221444d509ac308c9e0eb0d272be099e7
            • Opcode Fuzzy Hash: 5ab981e92efd6e3845e7febe22193f182a726e32a4071c6a7011ae73c628aaa3
            • Instruction Fuzzy Hash: EE411B32608A8286D7109B94E4403AEB3B4FB857A4F500336EABC43BE9DF3DD545CB41
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBADF8
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_status_communication_peer::UpdateAvAndAsStatusAsync
            • API String ID: 3860382505-2865771596
            • Opcode ID: ef9fe472286abfa21fcf67ab0c354783c1ded254055cfabfa99212bb749c230f
            • Instruction ID: e56b000c558877213dfcf514f2e0b737524d5a214292364462aef6c7ed977c4c
            • Opcode Fuzzy Hash: ef9fe472286abfa21fcf67ab0c354783c1ded254055cfabfa99212bb749c230f
            • Instruction Fuzzy Hash: 84411B32608B8296D710DB94E4403AEB374FB857A4F500336EAAC43BA9DF3DE545CB81
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB57EE
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_collector::UnInit
            • API String ID: 3860382505-3047546046
            • Opcode ID: 11757545deb8691adbf1fda2c3843870323c6410b7e53c5e325c39a850212bbd
            • Instruction ID: 50a30b4889e0a3b2ec7cdd0fa2bc182d7f4357a43a8acddab038e4eefc02a2de
            • Opcode Fuzzy Hash: 11757545deb8691adbf1fda2c3843870323c6410b7e53c5e325c39a850212bbd
            • Instruction Fuzzy Hash: D2410D32608B4186E7109BA4E4403AEB3A4FB857A4F540736EABD43BD9DF3DE545CB81
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBB2E0
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_status_communication_peer::UpdateFwStatusAsync
            • API String ID: 3860382505-1306562990
            • Opcode ID: d50caac44f8663815dc8ff5c3d7d17248ba7559b51349e741498a5f2783f9472
            • Instruction ID: 1e5eab0436d9c6e9845929dce6cbdacda7892b2496e3ac9a79574065deb8faf0
            • Opcode Fuzzy Hash: d50caac44f8663815dc8ff5c3d7d17248ba7559b51349e741498a5f2783f9472
            • Instruction Fuzzy Hash: E7410932608B4296E7109B94E4403AEB364FB857A4F500336EABD43BD9DF3DE545CB81
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AddressLibraryLoadProc
            • String ID: BdCreateObject$ServMain
            • API String ID: 2574300362-2505129937
            • Opcode ID: 0d53f57a36ec408c6618b6e0052f3e0db73715af1cd191b1d4726aea3c0d1530
            • Instruction ID: 8d4915781a1c1858769d7a6daa0590f766119730b4bf74645cf95417add89a85
            • Opcode Fuzzy Hash: 0d53f57a36ec408c6618b6e0052f3e0db73715af1cd191b1d4726aea3c0d1530
            • Instruction Fuzzy Hash: 9031C426609F8691EB10CB9AE85422DB3A0FB88FD4F544536DFAD43768EF2CD855C301
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBB149
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_status_communication_peer::UnregisterFw
            • API String ID: 3860382505-1429497769
            APIs
            Strings
            Similarity
            • API ID: AddressCriticalEnterFreeLibraryProcSection
            • String ID: BdDestroyObject$ServMain
            • API String ID: 575065677-1001278063
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBA6F2
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_reporter_lite::ReportProtectionServiceStopped
            • API String ID: 3860382505-2535424707
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBA3D2
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_reporter_lite::UnregisterFw
            • API String ID: 3860382505-3942199609
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBA262
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_reporter_lite::InitiateAvOfflineCleaning
            • API String ID: 3860382505-2276558501
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DBA0F2
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_reporter_lite::UpdateAvAndAsStatus
            • API String ID: 3860382505-3236270295
            APIs
            • timeGetTime.WINMM ref: 00007FF8E7DB9F82
              • Part of subcall function 00007FF8E7DFDFA8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFDFD6
              • Part of subcall function 00007FF8E7DFE08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8E7DFE0B5
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo$SleepTimetime
            • String ID: $-> %s$wsc_reporter_lite::UnregisterAvAndAs
            • API String ID: 3860382505-3810640075
            APIs
            Strings
            Similarity
            • API ID: AddressCriticalEnterFreeLibraryProcSection
            • String ID: BdDestroyObject$ServMain
            • API String ID: 575065677-1001278063
            APIs
            Strings
            Similarity
            • API ID: AddressErrorHandleLastModuleProc
            • String ID: BdGetInterface
            • API String ID: 4275029093-1978712420
            APIs
            • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E34
            • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E7A
            Strings
            Similarity
            • API ID: ExceptionFileHeaderRaise
            • String ID: Product$csm
            • API String ID: 2573137834-2111323872
            APIs
            Strings
            Similarity
            • API ID: Close$Open
            • String ID: Software\Bitdefender\InternalCrashEnabled
            • API String ID: 2976201327-2942834247
            APIs
            Strings
            Similarity
            • API ID: AddressFreeLibraryProc
            • String ID: LogDeinit$logging::CLogDLL::~CLogDLL
            • API String ID: 3013587201-5329003
            APIs
            Strings
            Similarity
            • API ID: CriticalSection$EnterLeave
            • String ID: CFwkPluginManager::FreeAllPlugins: freeing %d references of `%s`$fwktools::CFwkPluginManager::FreeAllPlugins
            • API String ID: 3168844106-3099843766
            APIs
            • SetThreadpoolTimer.KERNEL32(?,?,?,?,?,?,?,00007FF8E7D91EC4), ref: 00007FF8E7D903D4
            • WaitForThreadpoolTimerCallbacks.KERNEL32(?,?,?,?,?,?,?,00007FF8E7D91EC4), ref: 00007FF8E7D903E0
            • CloseThreadpoolTimer.KERNEL32(?,?,?,?,?,?,?,00007FF8E7D91EC4), ref: 00007FF8E7D903EE
            • CloseThreadpoolTimer.KERNEL32(?,?,?,?,?,?,?,00007FF8E7D91EC4), ref: 00007FF8E7D9046F
            Similarity
            • API ID: ThreadpoolTimer$Close$CallbacksWait
            • String ID:
            • API String ID: 831535739-0
            APIs
            • SetThreadpoolWait.KERNEL32(?,?,?,?,?,?,?,00007FF8E7D91EC4), ref: 00007FF8E7D90316
            • WaitForThreadpoolWaitCallbacks.KERNEL32(?,?,?,?,?,?,?,00007FF8E7D91EC4), ref: 00007FF8E7D90324
            • CloseThreadpoolWait.KERNEL32(?,?,?,?,?,?,?,00007FF8E7D91EC4), ref: 00007FF8E7D90332
            • CloseThreadpoolWait.KERNEL32(?,?,?,?,?,?,?,00007FF8E7D91EC4), ref: 00007FF8E7D9036B
            Similarity
            • API ID: Wait$Threadpool$Close$Callbacks
            • String ID:
            • API String ID: 678710421-0
            APIs
              • Part of subcall function 00007FF8E7D79980: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8E7D79AD9
              • Part of subcall function 00007FF8E7D79980: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7D79ADF
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7DA0522
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
            • String ID: bd.process.broker$bd.process.broker.channel.spawner
            • API String ID: 3936042273-1416602129
            APIs
            Strings
            Similarity
            • API ID: _invalid_parameter_noinfo_noreturn
            • String ID: wsc_loader
            • API String ID: 3668304517-3143197780
            APIs
              • Part of subcall function 00007FF8E7D82600: GetModuleFileNameW.KERNEL32 ref: 00007FF8E7D82680
              • Part of subcall function 00007FF8E7D82600: GetLastError.KERNEL32 ref: 00007FF8E7D8268E
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7D81571
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Similarity
            • API ID: ErrorFileLastModuleNameSleep_invalid_parameter_noinfo_noreturn
            • String ID: dll::get_foldername failed; err=$process_with_framework::initialize_current_directory
            • API String ID: 515700886-1092012914
            APIs
            • GetModuleFileNameW.KERNEL32 ref: 00007FF8E7DCD7E3
            • GetLastError.KERNEL32 ref: 00007FF8E7DCD7F8
              • Part of subcall function 00007FF8E7D82320: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7D82495
              • Part of subcall function 00007FF8E7DF5DF0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E34
              • Part of subcall function 00007FF8E7DF5DF0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E7A
              • Part of subcall function 00007FF8E7DB1DA0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E7DB1DC7), ref: 00007FF8E7DB1DA9
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorFileLast$ExceptionHeaderModuleNameRaise_invalid_parameter_noinfo_noreturn
            • String ID: GetModuleFileName returned an unexpected path
            • API String ID: 2059994382-567792
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID:
            • API String ID: 3215553584-3916222277
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID:
            • String ID: Failed to create epaas event.$windows_security_center_integration
            • API String ID: 0-4277936331
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _invalid_parameter_noinfo
            • String ID: e+000$gfff
            • API String ID: 3215553584-3030954782
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
            • String ID: <error-not-found>
            • API String ID: 73155330-4264499240
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: FreeLibrary
            • String ID: Could not unregister from WSC changes. Error $wsc_reporter::unregister_from_security_service_changes
            • API String ID: 3664257935-2368255860
            APIs
            • CoInitializeEx.OLE32 ref: 00007FF8E7DB94E3
              • Part of subcall function 00007FF8E7D79020: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8E7D721D3), ref: 00007FF8E7D79038
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: InitializeSleep
            • String ID: Could not initialize COM. Error $helpers::com::initialize
            • API String ID: 4203272843-301115768
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: AddressCallerErrorFileLastLibraryLoadProcWrite
            • String ID: U
            • API String ID: 1510926668-4171548499
            APIs
            • GetModuleFileNameW.KERNEL32 ref: 00007FF8E7D9BE7A
            • GetLastError.KERNEL32 ref: 00007FF8E7D9BE8F
              • Part of subcall function 00007FF8E7D82320: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7D82495
              • Part of subcall function 00007FF8E7DF5DF0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E34
              • Part of subcall function 00007FF8E7DF5DF0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E7A
              • Part of subcall function 00007FF8E7DB1DA0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E7DB1DC7), ref: 00007FF8E7DB1DA9
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorFileLast$ExceptionHeaderModuleNameRaise_invalid_parameter_noinfo_noreturn
            • String ID: GetModuleFileName returned an unexpected path
            • API String ID: 2059994382-567792
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
            • String ID: gfffffff
            • API String ID: 73155330-1523873471
            APIs
            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8E7DA9736
              • Part of subcall function 00007FF8E7D95C90: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8E7D95DF7
              • Part of subcall function 00007FF8E7DF5DF0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E34
              • Part of subcall function 00007FF8E7DF5DF0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,Product,00007FF8E7D93D13,?,?,?,00007FF8E7D7102E), ref: 00007FF8E7DF5E7A
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ExceptionFileHeaderRaise__std_exception_copy_invalid_parameter_noinfo_noreturn
            • String ID: cannot use operator[] with a string argument with $pipe_name
            • API String ID: 2766386702-3021157005
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: InfoSecurity
            • String ID: invalid handle parameter$is_owner_system
            • API String ID: 3528565900-1961004910
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLast_invalid_parameter_noinfo_noreturn
            • String ID: GetModuleFileName failed
            • API String ID: 291214032-457209585
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorLastOpenService
            • String ID: OpenService failed
            • API String ID: 1364080077-96198573
            APIs
              • Part of subcall function 00007FF8E7DCA440: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,00007FF8E7DCA32D), ref: 00007FF8E7DCA46E
              • Part of subcall function 00007FF8E7DCA440: RegCloseKey.ADVAPI32(?,?,?,?,?,00007FF8E7DCA32D), ref: 00007FF8E7DCA48B
            • CreateThread.KERNEL32 ref: 00007FF8E7DCA420
              • Part of subcall function 00007FF8E7DF31E8: EnterCriticalSection.KERNEL32(?,?,?,00007FF8E7D71C90), ref: 00007FF8E7DF31F8
              • Part of subcall function 00007FF8E7DF3188: EnterCriticalSection.KERNEL32(?,?,?,00007FF8E7D71CF4), ref: 00007FF8E7DF3198
              • Part of subcall function 00007FF8E7DF3188: LeaveCriticalSection.KERNEL32(?,?,?,00007FF8E7D71CF4), ref: 00007FF8E7DF31D8
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CriticalSection$Enter$CloseCreateLeaveOpenThread
            • String ID: #abort#$#crash#
            • API String ID: 461504956-3711271617
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _handle_error
            • String ID: "$pow
            • API String ID: 1757819995-713443511
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: ErrorEventLastReset
            • String ID: set_event failed
            • API String ID: 1621066496-2071124804
            APIs
            Strings
            • D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\3rdparty\tinyxml\tinyxpath\action_store.cpp, xrefs: 00007FF8E7E07655
            • i_entry >= 0 && i_entry < i_size, xrefs: 00007FF8E7E07654
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _set_error_mode
            • String ID: D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\3rdparty\tinyxml\tinyxpath\action_store.cpp$i_entry >= 0 && i_entry < i_size
            • API String ID: 1949149715-74859147
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: _set_errno_from_matherr
            • String ID: exp
            • API String ID: 1187470696-113136155
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: CloseHandle_invalid_parameter_noinfo_noreturn
            • String ID: CreateFile failed
            • API String ID: 3151167499-3833977531
            • Opcode ID: 31ff15eb84d94a601dfd2f3ac8fff50b1406269696aa664c1d5ee9075c447c42
            • Instruction ID: 1baf88dfd5f9e2436a92ee0245012817334b106e16cad71d1d5a855e985ef9f9
            • Opcode Fuzzy Hash: 31ff15eb84d94a601dfd2f3ac8fff50b1406269696aa664c1d5ee9075c447c42
            • Instruction Fuzzy Hash: 6C117062B086C291EE24DBA4E4553AD6361EB857F4F805332D7BD03ADDDE2CD582C741
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: Stringtry_get_function
            • String ID: LCMapStringEx
            • API String ID: 2588686239-3893581201
            • Opcode ID: 789f2ef0571f4fe9aae363e2f351f6eaf1730c3f018cf3f7df1e8b2573c935ad
            • Instruction ID: 53738da1717c73450ab5ff3a7469cb6f52f5d9646fbe81afa0190e1ff685f7cf
            • Opcode Fuzzy Hash: 789f2ef0571f4fe9aae363e2f351f6eaf1730c3f018cf3f7df1e8b2573c935ad
            • Instruction Fuzzy Hash: 3311E536A08BC286D760CB56F4812AAB7A5FB89BD4F544136EADD83B19CF3CD454CB40
            Memory Dump Source
            • Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
            • Associated: 00000004.00000002.1751286582.00007FF8E7D70000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751363840.00007FF8E7E27000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751393743.00007FF8E7E60000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751408311.00007FF8E7E61000.00000008.00000001.01000000.00000003.sdmp
            • Associated: 00000004.00000002.1751425016.00007FF8E7E68000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
            Similarity
            • API ID: DefaultUsertry_get_function
            • String ID: GetUserDefaultLocaleName
            • API String ID: 3217810228-151340334
            • Opcode ID: 2e0baabd871a82c7385df2d2f18a351fb388911117eb43b8baac6a5ebb90d484
            • Instruction ID: da23ac39462dcc80604e697620f8cbd4a4bce52e8d0c79e526113c284d74f844
            • Opcode Fuzzy Hash: 2e0baabd871a82c7385df2d2f18a351fb388911117eb43b8baac6a5ebb90d484
            • Instruction Fuzzy Hash: D8F08210B0C68382FB589BD5F5427BD5261AF89FC0F444036D9AD47A95CE3CE856C302
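The flattened "Similarity" records above are hard to pivot on by eye: most of them are MSVC runtime internals (the `try_get_function` thunks that resolve `LCMapStringEx` and `GetUserDefaultLocaleName` at run time, the math-error helper behind `exp`), while one carries an assert message with a full build path from a third-party library and one (`CloseHandle` after "CreateFile failed") looks like the sample's own code. The following Python script is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses records in this bullet format into dicts, labels them with heuristics that are stated as assumptions in the comments, and pulls out any build paths for hunting. The sample text is constructed from the five records shown above.

```python
"""Parse Joe Sandbox 'Similarity' records (IDA plugin output) and triage them.

Added example, not part of the Joe Sandbox report or plugin.  The labels are
heuristics (assumptions): 'try_get_function' is taken to be the UCRT helper that
resolves locale APIs such as LCMapStringEx at run time, and a String ID shaped
like '<path>.cpp$<expression>' is taken to be an assert() message carrying a
build path.
"""
import re

# Constructed sample: the Similarity fields of the five records in the report
# excerpt, plus one Memory Dump Source block to show its bullets stay separate.
SAMPLE = r"""
Memory Dump Source
• Source File: 00000004.00000002.1751301093.00007FF8E7D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8E7D70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff8e7d70000_rundll32.jbxd
Similarity
• API ID: _set_error_mode
• String ID: D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\3rdparty\tinyxml\tinyxpath\action_store.cpp$i_entry >= 0 && i_entry < i_size
• API String ID: 1949149715-74859147
• Opcode ID: d77e4e5ed4441a137b3d662befe675070bfafa57c870d310fbb74cb395c2431b
Similarity
• API ID: _set_errno_from_matherr
• String ID: exp
• Opcode ID: 8e49b68a98430d6cdcc4c78fea497b5648e1964acd3ec3909c386ed780934400
Similarity
• API ID: CloseHandle_invalid_parameter_noinfo_noreturn
• String ID: CreateFile failed
• Opcode ID: 31ff15eb84d94a601dfd2f3ac8fff50b1406269696aa664c1d5ee9075c447c42
Similarity
• API ID: Stringtry_get_function
• String ID: LCMapStringEx
• Opcode ID: 789f2ef0571f4fe9aae363e2f351f6eaf1730c3f018cf3f7df1e8b2573c935ad
Similarity
• API ID: DefaultUsertry_get_function
• String ID: GetUserDefaultLocaleName
• Opcode ID: 2e0baabd871a82c7385df2d2f18a351fb388911117eb43b8baac6a5ebb90d484
"""

BULLET = re.compile(r"^\s*•\s*(?P<key>[^:]+?):\s*(?P<val>.*?)\s*$")
# '<drive>:\...\file.cpp$expr' or '/.../file.c$expr': assert text with the build path in front.
ASSERT_STR = re.compile(r"^(?P<path>(?:[A-Za-z]:\\|/)\S+?\.(?:cpp|cxx|cc|c|h|hpp))\$(?P<expr>.+)$")
# Assumed CRT-internal API IDs (exact match); extend as you recognise more.
CRT_INTERNAL = {"_set_errno_from_matherr", "_set_error_mode", "_invalid_parameter_noinfo_noreturn"}


def parse_records(text):
    """Return one dict per 'Similarity' block; bullets under other headers are ignored."""
    records, section = [], None
    for line in text.splitlines():
        m = BULLET.match(line)
        if m is None:
            header = line.strip()
            if not header:
                continue
            section = header                  # a plain line is a section header
            if section == "Similarity":
                records.append({})
            continue
        if section == "Similarity" and records:
            records[-1][m.group("key")] = m.group("val")
    return records


def source_path(rec):
    """Build path embedded in an assert-style String ID, or None."""
    m = ASSERT_STR.match(rec.get("String ID", ""))
    return m.group("path") if m else None


def classify(rec):
    """Heuristic label (assumption) so reviewers can skip runtime boilerplate."""
    api = rec.get("API ID", "")
    if source_path(rec):
        return "assert"        # assert() in app/3rd-party code: leaks path + expression
    if "try_get_function" in api:
        return "crt-thunk"     # assumed UCRT run-time API probing, not the sample's logic
    if api in CRT_INTERNAL:
        return "crt-internal"
    return "app"               # nothing marks it as library code: read this one first


def triage(text):
    """Map label -> list of Opcode IDs so the 'app' bucket can be reviewed first."""
    buckets = {}
    for rec in parse_records(text):
        buckets.setdefault(classify(rec), []).append(rec.get("Opcode ID", "?"))
    return buckets


def build_paths(text):
    """Sorted unique build paths with a third-party flag, for hunting and attribution."""
    paths = {source_path(r) for r in parse_records(text)}
    paths.discard(None)
    return sorted((p, "3rdparty" in p.lower()) for p in paths)


if __name__ == "__main__":
    for label, ids in triage(SAMPLE).items():
        print(f"{label:13s} {len(ids)}  {', '.join(i[:12] for i in ids)}")
    for path, third in build_paths(SAMPLE):
        print(("3rd-party " if third else "app       ") + path)
```

On this excerpt the script leaves a single record in the "app" bucket, the `CloseHandle` / "CreateFile failed" function, and reports the TinyXPath assert path as third-party code, which is the kind of string worth searching other samples for.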