Windows Analysis Report
pH6L2VWRbU.dll

Overview

General Information

Sample name: pH6L2VWRbU.dll
(renamed file extension from exe to dll, renamed because original name is a hash value)
Original sample name: 8923ca4504d75400cf80ed71f381c0b4a3086ec7c8dcfba678e3dc8922042d6c.exe
Analysis ID: 1573676
MD5: 3f3abfe2d3837ec045140a4b1aa5f1bd
SHA1: d2954695e4f504b6e8f8f344824283457284c28a
SHA256: 8923ca4504d75400cf80ed71f381c0b4a3086ec7c8dcfba678e3dc8922042d6c
Tags: bootstrap8444-bitmessage-org, exe, user-JAMESWT_MHT

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Found API chain indicative of debugger detection
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • loaddll64.exe (PID: 7628 cmdline: loaddll64.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 7636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7676 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 7700 cmdline: rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7684 cmdline: rundll32.exe C:\Users\user\Desktop\pH6L2VWRbU.dll,Init MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7820 cmdline: rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",Init MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: pH6L2VWRbU.dll ReversingLabs: Detection: 18%
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB667380 BCryptGenRandom,SetLastError,SetLastError,3_2_00007FFDFB667380
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB667330 BCryptCloseAlgorithmProvider,3_2_00007FFDFB667330
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB667510 BCryptGenRandom,BCryptCloseAlgorithmProvider,SetLastError,3_2_00007FFDFB667510
Source: pH6L2VWRbU.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\lt-LT\*T\*orer\CacheStorage*\57C8EDB95DF3F0AD4EE2DC2B8CFD41576krnlmp.pdbles\*a\ source: rundll32.exe, 00000004.00000003.2237576807.000002615F7FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFrameworkpUpr\*Application Data\Application Data\Desktop\*\*krnlmp.pdbles\*a\ source: rundll32.exe, 00000004.00000003.2260721049.000002615F7FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: directory_iterator::directory_iterator: unknown error: "C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\NonCritical_OneDriveSetup.ex_2784e9272a94674726857b0ca955e26e945cd6_00000000_fd232c02-2c1f-427a-a0ea-313316b2b6cf"es\*Application Data\Application Data\Desktop\*\*krnlmp.pdbles\*a\ source: rundll32.exe, 00000004.00000003.2267477845.000002615F7FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Acrobat_23.006.20320krnlmp.pdbles\*a\ source: rundll32.exe, 00000004.00000002.4202040012.000002615F7FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2273287316.000002615F7FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdblogion Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Saf source: rundll32.exe, 00000004.00000003.2245331197.000002615D952000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\rundll32.exe File opened: z:
Source: C:\Windows\System32\rundll32.exe File opened: x:
Source: C:\Windows\System32\rundll32.exe File opened: v:
Source: C:\Windows\System32\rundll32.exe File opened: t:
Source: C:\Windows\System32\rundll32.exe File opened: r:
Source: C:\Windows\System32\rundll32.exe File opened: p:
Source: C:\Windows\System32\rundll32.exe File opened: n:
Source: C:\Windows\System32\rundll32.exe File opened: l:
Source: C:\Windows\System32\rundll32.exe File opened: j:
Source: C:\Windows\System32\rundll32.exe File opened: h:
Source: C:\Windows\System32\rundll32.exe File opened: f:
Source: C:\Windows\System32\rundll32.exe File opened: b:
Source: C:\Windows\System32\rundll32.exe File opened: y:
Source: C:\Windows\System32\rundll32.exe File opened: w:
Source: C:\Windows\System32\rundll32.exe File opened: u:
Source: C:\Windows\System32\rundll32.exe File opened: s:
Source: C:\Windows\System32\rundll32.exe File opened: q:
Source: C:\Windows\System32\rundll32.exe File opened: o:
Source: C:\Windows\System32\rundll32.exe File opened: m:
Source: C:\Windows\System32\rundll32.exe File opened: k:
Source: C:\Windows\System32\rundll32.exe File opened: i:
Source: C:\Windows\System32\rundll32.exe File opened: g:
Source: C:\Windows\System32\rundll32.exe File opened: e:
Source: C:\Windows\System32\rundll32.exe File opened: a:
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB672048 FindClose,FindFirstFileExW,GetLastError,3_2_00007FFDFB672048
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB6720F8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,3_2_00007FFDFB6720F8

Networking

Source: C:\Windows\System32\rundll32.exe Network Connect: 14.161.21.105 8444
Source: C:\Windows\System32\rundll32.exe Network Connect: 31.29.184.175 8444
Source: C:\Windows\System32\rundll32.exe Network Connect: 194.164.163.84 8444
Source: C:\Windows\System32\rundll32.exe Network Connect: 1.36.218.247 8444
Source: C:\Windows\System32\rundll32.exe Network Connect: 24.177.238.115 8444
Source: C:\Windows\System32\rundll32.exe Network Connect: 5.50.197.206 8444
Source: C:\Windows\System32\rundll32.exe Network Connect: 5.227.186.88 8444
Source: C:\Windows\System32\rundll32.exe Network Connect: 20.191.110.180 8444
Source: C:\Windows\System32\rundll32.exe Network Connect: 5.227.176.233 8444
Source: global traffic TCP traffic: 192.168.2.4:49730 -> 194.164.163.84:8444
Source: global traffic TCP traffic: 192.168.2.4:49732 -> 1.36.218.247:8444
Source: global traffic TCP traffic: 192.168.2.4:49734 -> 5.50.197.206:8444
Source: global traffic TCP traffic: 192.168.2.4:49736 -> 5.227.176.233:8444
Source: global traffic TCP traffic: 192.168.2.4:49738 -> 5.227.186.88:8444
Source: global traffic TCP traffic: 192.168.2.4:49740 -> 14.161.21.105:8444
Source: global traffic TCP traffic: 192.168.2.4:49742 -> 20.191.110.180:8444
Source: global traffic TCP traffic: 192.168.2.4:49744 -> 24.177.238.115:8444
Source: global traffic TCP traffic: 192.168.2.4:49754 -> 31.29.184.175:8444
Source: Joe Sandbox View ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS MICROSOFT-CORP-MSN-AS-BLOCKUS
Source: Joe Sandbox View ASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
Source: Joe Sandbox View ASN Name: COMSTAR-VOLGA-ARZAMASRU COMSTAR-VOLGA-ARZAMASRU
Source: unknown TCP traffic detected without corresponding DNS query: 1.36.218.247
Source: unknown TCP traffic detected without corresponding DNS query: 5.50.197.206
Source: unknown TCP traffic detected without corresponding DNS query: 5.227.176.233
Source: unknown TCP traffic detected without corresponding DNS query: 5.227.186.88
Source: unknown TCP traffic detected without corresponding DNS query: 14.161.21.105
Source: unknown TCP traffic detected without corresponding DNS query: 24.177.238.115
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB636F10 recv,WSAGetLastError,3_2_00007FFDFB636F10
Source: global traffic DNS traffic detected: DNS query: bootstrap8444.bitmessage.org
Source: C:\Windows\System32\rundll32.exe Code function: String function: 00007FFDFB609F60 appears 33 times
Source: C:\Windows\System32\rundll32.exe Code function: String function: 00007FFDFB61C770 appears 36 times
Source: classification engine Classification label: mal60.evad.winDLL@10/1@1/9
Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\Desktop\inventory
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7636:120:WilError_03
Source: pH6L2VWRbU.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pH6L2VWRbU.dll,Init
Source: unknown Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll"
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",#1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",#1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",Init
Source: C:\Windows\System32\loaddll64.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: kernel.appcore.dll
Source: pH6L2VWRbU.dll Static PE information: Image base 0x180000000 > 0x60000000
Source: pH6L2VWRbU.dll Static file information: File size 1098752 > 1048576
Source: pH6L2VWRbU.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: pH6L2VWRbU.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: pH6L2VWRbU.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: pH6L2VWRbU.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: pH6L2VWRbU.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: pH6L2VWRbU.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: pH6L2VWRbU.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: pH6L2VWRbU.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: pH6L2VWRbU.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: pH6L2VWRbU.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: pH6L2VWRbU.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB6107FC push rbp; iretd 3_2_00007FFDFB6107FD
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 797
Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 2085
Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 391
Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 756
Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 852
Source: C:\Windows\System32\rundll32.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_3-50254
Source: C:\Windows\System32\loaddll64.exe TID: 7632 Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\rundll32.exe TID: 7728 Thread sleep count: 797 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7716 Thread sleep count: 47 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7732 Thread sleep count: 34 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7716 Thread sleep count: 2085 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7732 Thread sleep count: 391 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7732 Thread sleep count: 220 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7732 Thread sleep count: 315 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7732 Thread sleep count: 342 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7732 Thread sleep count: 93 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7740 Thread sleep count: 756 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7736 Thread sleep count: 42 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7748 Thread sleep count: 273 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7748 Thread sleep count: 293 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7748 Thread sleep count: 318 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7748 Thread sleep count: 277 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7748 Thread sleep count: 56 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7748 Thread sleep count: 231 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7840 Thread sleep count: 852 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7836 Thread sleep count: 33 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 32 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 112 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 77 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 231 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 75 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 182 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 156 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 165 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7844 Thread sleep count: 196 > 30
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FFDFB672048 FindClose,FindFirstFileExW,GetLastError,3_2_00007FFDFB672048
Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FFDFB6720F8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,3_2_00007FFDFB6720F8
Source: C:\Windows\System32\loaddll64.exeThread delayed: delay time: 120000Jump to behavior
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de0\*
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\r**
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\r\vmms.exe\*x
Source: rundll32.exe, 00000005.00000003.1891196628.000002D302597000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11b7a3cc41b
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.2006_none_f93d3f541072d580]
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790\
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f\5\*
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f\
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f]
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf385B>
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\fP
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\fAc
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\r
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141p
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r\*\*
Source: rundll32.exe, 00000005.00000003.1920538202.000002D302583000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1920469417.000002D30257C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077f%
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.17I
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.h>
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611ru
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79 w:
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de135\*
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\f
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e3L>
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f69514\*
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddaeabc80a3525d6\\*M
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\r
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f044137925d6\*
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920f*\*
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.[
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none$==
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb075185521358b5\*x
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\rd0\*X
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de\*M
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_587
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f\*`
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\f
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r\
Source: rundll32.exe, 00000003.00000003.1890021751.000002C9DD5F1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1892014006.000002C9DD5F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1889881649.000002C9DD5EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141\r
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955d
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955a
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379\*-c
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586\
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1741_none_b365912b94b35a98X
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586f5\*m
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\rcc
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\r6\*
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744*
Source: rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.19041.1_none_34b87765e20dcc15X
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0c}
Source: rundll32.exe, 00000005.00000003.1891196628.000002D302594000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-passth
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\*a7\*-
Source: rundll32.exe, 00000004.00000003.2273884370.000002615F472000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1908850102.000002615F472000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1853183068.000002615F45B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1873729562.000002615F472000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f6395c\*
Source: rundll32.exe, 00000004.00000002.4200428925.000002615D922000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.4200331623.000002D302538000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\rr
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8s
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\f\\*
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79\vmbkmclr.sys2ca8\*
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\*
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0ch
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\re3bc\*
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda\r\
Source: rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11
Source: rundll32.exe, 00000004.00000003.1890838160.000002615F4BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0c\r\vmicrdv.dllationmodel.datatransfer.dllSettings.dllgement.dllan64e35E
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\f52790\*
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f\*
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\*
Source: rundll32.exe, 00000004.00000003.1887489849.000002615D996000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955p
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b614$
Source: rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ws\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24\r\*
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.1741_none_4fe99c993cb84326
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f74140
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5aa7\*

Anti Debugging

Source: C:\Windows\System32\rundll32.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep | graph_3-49491
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6740B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFDFB6740B8
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB674200 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFDFB674200
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB681648 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFDFB681648

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\rundll32.exe | Network Connect: 14.161.21.105 8444
Source: C:\Windows\System32\rundll32.exe | Network Connect: 31.29.184.175 8444
Source: C:\Windows\System32\rundll32.exe | Network Connect: 194.164.163.84 8444
Source: C:\Windows\System32\rundll32.exe | Network Connect: 1.36.218.247 8444
Source: C:\Windows\System32\rundll32.exe | Network Connect: 24.177.238.115 8444
Source: C:\Windows\System32\rundll32.exe | Network Connect: 5.50.197.206 8444
Source: C:\Windows\System32\rundll32.exe | Network Connect: 5.227.186.88 8444
Source: C:\Windows\System32\rundll32.exe | Network Connect: 20.191.110.180 8444
Source: C:\Windows\System32\rundll32.exe | Network Connect: 5.227.176.233 8444
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",#1
Source: C:\Windows\System32\rundll32.exe | Code function: GetLocaleInfoEx,FormatMessageA,3_2_00007FFDFB6726A8
Source: C:\Windows\System32\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_00007FFDFB699C5C
Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_00007FFDFB699E40
Source: C:\Windows\System32\rundll32.exe | Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,3_2_00007FFDFB6993F8
Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,3_2_00007FFDFB68F23C
Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,3_2_00007FFDFB699824
Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,3_2_00007FFDFB699754
Source: C:\Windows\System32\rundll32.exe | Code function: GetLocaleInfoW,3_2_00007FFDFB68F628
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB687BC8 GetSystemTimeAsFileTime,3_2_00007FFDFB687BC8
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 111 Virtualization/Sandbox Evasion | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 111 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 11 Peripheral Device Discovery | SSH | Keylogging | 1 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Source | Detection | Scanner | Label | Link
pH6L2VWRbU.dll | 18% | ReversingLabs | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bootstrap8444.bitmessage.org | 194.164.163.84 | true | true | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
20.191.110.180 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true
14.161.21.105 | unknown | Viet Nam | | 45899 | VNPT-AS-VNVNPTCorpVN | true
31.29.184.175 | unknown | Russian Federation | | 39858 | COMSTAR-VOLGA-ARZAMASRU | true
5.227.176.233 | unknown | Russian Federation | | 39858 | COMSTAR-VOLGA-ARZAMASRU | true
194.164.163.84 | bootstrap8444.bitmessage.org | United Kingdom | | 8897 | KCOM-SPNService-ProviderNetworkex-MistralGB | true
1.36.218.247 | unknown | Hong Kong | | 4760 | HKTIMS-APHKTLimitedHK | true
24.177.238.115 | unknown | United States | | 20115 | CHARTER-20115US | true
5.50.197.206 | unknown | France | | 5410 | BOUYGTEL-ISPFR | true
5.227.186.88 | unknown | Russian Federation | | 39858 | COMSTAR-VOLGA-ARZAMASRU | true
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1573676
    Start date and time:2024-12-12 13:34:13 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 9m 6s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:10
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Sample name:pH6L2VWRbU.dll
    (renamed file extension from exe to dll, renamed because original name is a hash value)
    Original Sample Name:8923ca4504d75400cf80ed71f381c0b4a3086ec7c8dcfba678e3dc8922042d6c.exe
    Detection:MAL
    Classification:mal60.evad.winDLL@10/1@1/9
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 97%
    • Number of executed functions: 61
    • Number of non-executed functions: 174
    Cookbook Comments:
    • Override analysis time to 240s for rundll32
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
    • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.63
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing disassembly code.
    • Report size getting too big, too many NtCreateFile calls found.
    • Report size getting too big, too many NtOpenFile calls found.
    • VT rate limit hit for: pH6L2VWRbU.dll
Time | Type | Description
07:35:13 | API Interceptor | 1x Sleep call for process: loaddll64.exe modified
07:35:46 | API Interceptor | 14166763x Sleep call for process: rundll32.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
20.191.110.180 | dkarts.dll.dll | malicious | Unknown
14.161.21.105 | dkarts.dll.dll | malicious | Unknown
31.29.184.175 | dkarts.dll.dll | malicious | Unknown
5.227.176.233 | dkarts.dll.dll | malicious | Unknown
1.36.218.247 | dkarts.dll.dll | malicious | Unknown
24.177.238.115 | dkarts.dll.dll | malicious | Unknown
5.50.197.206 | dkarts.dll.dll | malicious | Unknown
5.227.186.88 | dkarts.dll.dll | malicious | Unknown

Match | Associated Sample Name / URL | Detection | Threat Name | Context
bootstrap8444.bitmessage.org | dkarts.dll.dll | malicious | Unknown | 185.158.248.216
                    Process:C:\Windows\System32\rundll32.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):32
                    Entropy (8bit):4.875
                    Encrypted:false
                    SSDEEP:3:hb77qVeQmYIFvn:hb7vzr
                    MD5:DB8597B2F0BDDD9AF68DAC74BDF9520E
                    SHA1:0DC548535272A0A754321D1A35A14F9B4E2ABE13
                    SHA-256:0812658D282E7DADE10C965EED7451871A96641417247B10F75FF8EBEAB1D931
                    SHA-512:AEF98A4EF44933BDC242D28198D0594D69E0866D14987C1856926A80007016180E09569E098812F55354BC7297811B25F5E2FD12A96AF4850E42A6CB8F47998B
                    Malicious:false
                    Reputation:low
                    Preview:J*]i...$^^om..0.>.K.b../..=....A
                    File type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                    Entropy (8bit):6.50810112812364
                    TrID:
                    • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                    • Win64 Executable (generic) (12005/4) 10.17%
                    • Generic Win/DOS Executable (2004/3) 1.70%
                    • DOS Executable Generic (2002/1) 1.70%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                    File name:pH6L2VWRbU.dll
                    File size:1'098'752 bytes
                    MD5:3f3abfe2d3837ec045140a4b1aa5f1bd
                    SHA1:d2954695e4f504b6e8f8f344824283457284c28a
                    SHA256:8923ca4504d75400cf80ed71f381c0b4a3086ec7c8dcfba678e3dc8922042d6c
                    SHA512:fb580c67471016cfff964a8f100c3d80f407968700b8412ae96c564b624514d75d123ce184b581d6362c1efcd47d0a6c8660a69d6cf7754da8ab7d268e8f0508
                    SSDEEP:24576:9gjkdHyKhERnZGXA9O+4E7xPh0lhSMXlEo:9gjcO/fw0uT
                    TLSH:E8359E06B3A800B9D0BAD17CCA471746D7B2B80013A19BDF1BD1665E9F67BE19E3E311
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... /..dN..dN..dN../6..nN../6...N../6..vN..u...nN..u...kN..u...9N......eN..dN...N../6..mN......IN......eN......eN......eN..RichdN.
                    Icon Hash:7ae282899bbab082
                    Entrypoint:0x180073b1c
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x180000000
                    Subsystem:windows cui
                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                    Time Stamp:0x6758BD14 [Tue Dec 10 22:13:40 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:1ec5dfedbfd3d85f88163e124ab2eb1b
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xfdd70 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xfddb0 | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x110000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x107000 | 0x8064 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x111000 | 0x1908 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe9230 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xe9400 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xe90f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa6000 | 0x498 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xa4f60 | 0xa5000 | eb052a0e226432727af8ec23474a6564 | False | 0.4926195549242424 | data | 6.460614320656879 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xa6000 | 0x58ca2 | 0x58e00 | f930a5299b32ced35aac8ba13c149a45 | False | 0.4118539029535865 | data | 5.910982572298807 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xff000 | 0x7654 | 0x4400 | d6f55a277fa36843a6b3cbde13dcdc6b | False | 0.16055836397058823 | data | 4.19393639646241 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x107000 | 0x8064 | 0x8200 | 0fe057acb28de74beaad8a9d910f5bcb | False | 0.4846153846153846 | data | 5.887842713008446 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x110000 | 0x1e0 | 0x200 | aa509642125d4a9e176e608bdcf1d305 | False | 0.529296875 | data | 4.708553337303423 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x111000 | 0x1908 | 0x1a00 | eb67f784e102933bb742dc448b7c79be | False | 0.32572115384615385 | data | 5.383294772612287 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x110060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
WS2_32.dll | connect, closesocket, ioctlsocket, getsockopt, ntohs, inet_pton, freeaddrinfo, getaddrinfo, WSAGetLastError, WSACleanup, WSAStartup, socket, shutdown, send, select, recv, htons
KERNEL32.dll | InitializeCriticalSectionEx, SetEndOfFile, WriteConsoleW, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, HeapSize, HeapReAlloc, SetCurrentDirectoryW, WaitForSingleObject, CreateThread, GetModuleFileNameW, CloseHandle, GetDriveTypeA, GetLastError, SetLastError, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleW, SetFilePointerEx, GetFileSizeEx, ReadFile, GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, GetFileType, GetStdHandle, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, SleepConditionVariableSRW, Sleep, GetCurrentThreadId, FormatMessageA, GetCurrentDirectoryW, CreateDirectoryW, CreateFileW, FindClose, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, SetFileInformationByHandle, AreFileApisANSI, GetModuleHandleW, GetProcAddress, GetFileInformationByHandleEx, MultiByteToWideChar, WideCharToMultiByte, LocalFree, GetLocaleInfoEx, WaitForSingleObjectEx, GetExitCodeThread, GetNativeSystemInfo, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, DeleteCriticalSection, GetSystemTimeAsFileTime, EncodePointer, DecodePointer, LCMapStringEx, WakeAllConditionVariable, GetStringTypeW, GetCPInfo, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, RtlPcToFileHeader, RaiseException, RtlUnwindEx, InterlockedPushEntrySList, InterlockedFlushSList, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, HeapFree, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree
USER32.dll | TranslateMessage, DispatchMessageA, PostThreadMessageA, GetKeyState, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExA, GetWindowTextA, GetForegroundWindow, GetKeyNameTextA, GetMessageA
bcrypt.dll | BCryptCloseAlgorithmProvider, BCryptGenRandom, BCryptOpenAlgorithmProvider
Name | Ordinal | Address
Init | 1 | 0x180005ee0
Language of compilation system | Country where language is spoken
English | United States
                    Dec 12, 2024 13:35:35.869533062 CET84444975324.177.238.115192.168.2.4
                    Dec 12, 2024 13:35:35.870187998 CET497538444192.168.2.424.177.238.115
                    Dec 12, 2024 13:35:37.494235992 CET84444975431.29.184.175192.168.2.4
                    Dec 12, 2024 13:35:37.494424105 CET497548444192.168.2.431.29.184.175
                    Dec 12, 2024 13:35:38.572627068 CET84444975531.29.184.175192.168.2.4
                    Dec 12, 2024 13:35:38.572696924 CET497558444192.168.2.431.29.184.175
                    Dec 12, 2024 13:35:40.197621107 CET84444975631.29.184.175192.168.2.4
                    Dec 12, 2024 13:35:40.197722912 CET497568444192.168.2.431.29.184.175
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Dec 12, 2024 13:35:10.717806101 CET | 51580 | 53 | 192.168.2.4 | 1.1.1.1
                    Dec 12, 2024 13:35:11.176650047 CET | 53 | 51580 | 1.1.1.1 | 192.168.2.4

                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Dec 12, 2024 13:35:10.717806101 CET | 192.168.2.4 | 1.1.1.1 | 0x1670 | Standard query (0) | bootstrap8444.bitmessage.org | A (IP address) | IN (0x0001) | false

                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Dec 12, 2024 13:35:11.176650047 CET | 1.1.1.1 | 192.168.2.4 | 0x1670 | No error (0) | bootstrap8444.bitmessage.org | | 194.164.163.84 | A (IP address) | IN (0x0001) | false
                    Dec 12, 2024 13:35:11.176650047 CET | 1.1.1.1 | 192.168.2.4 | 0x1670 | No error (0) | bootstrap8444.bitmessage.org | | 185.158.248.216 | A (IP address) | IN (0x0001) | false
                    Dec 12, 2024 13:35:11.176650047 CET | 1.1.1.1 | 192.168.2.4 | 0x1670 | No error (0) | bootstrap8444.bitmessage.org | | 85.25.152.9 | A (IP address) | IN (0x0001) | false
                    Dec 12, 2024 13:35:11.176650047 CET | 1.1.1.1 | 192.168.2.4 | 0x1670 | No error (0) | bootstrap8444.bitmessage.org | | 85.114.135.102 | A (IP address) | IN (0x0001) | false

                    Target ID:0
                    Start time:07:35:09
                    Start date:12/12/2024
                    Path:C:\Windows\System32\loaddll64.exe
                    Wow64 process (32bit):false
                    Commandline:loaddll64.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll"
                    Imagebase:0x7ff78e8d0000
                    File size:165'888 bytes
                    MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:1
                    Start time:07:35:09
                    Start date:12/12/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    Target ID:2
                    Start time:07:35:09
                    Start date:12/12/2024
                    Path:C:\Windows\System32\cmd.exe
                    Wow64 process (32bit):false
                    Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",#1
                    Imagebase:0x7ff699a40000
                    File size:289'792 bytes
                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    Target ID:3
                    Start time:07:35:09
                    Start date:12/12/2024
                    Path:C:\Windows\System32\rundll32.exe
                    Wow64 process (32bit):false
                    Commandline:rundll32.exe C:\Users\user\Desktop\pH6L2VWRbU.dll,Init
                    Imagebase:0x7ff6bc340000
                    File size:71'680 bytes
                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    Target ID:4
                    Start time:07:35:10
                    Start date:12/12/2024
                    Path:C:\Windows\System32\rundll32.exe
                    Wow64 process (32bit):false
                    Commandline:rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",#1
                    Imagebase:0x7ff6bc340000
                    File size:71'680 bytes
                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    Target ID:5
                    Start time:07:35:13
                    Start date:12/12/2024
                    Path:C:\Windows\System32\rundll32.exe
                    Wow64 process (32bit):false
                    Commandline:rundll32.exe "C:\Users\user\Desktop\pH6L2VWRbU.dll",Init
                    Imagebase:0x7ff6bc340000
                    File size:71'680 bytes
                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                      Execution Graph

                      Execution Coverage:4.6%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:15.4%
                      Total number of Nodes:1584
                      Total number of Limit Nodes:10
API calls 48946->48950 48947->48955 48948->48955 48949 7ffdfb609700 48949->48946 48952 7ffdfb609892 48949->48952 48953 7ffdfb6097ed 48949->48953 48954 7ffdfb6097c1 48949->48954 48965 7ffdfb6097a5 _Yarn 48949->48965 48951 7ffdfb60989e 48950->48951 48960 7ffdfb604120 std::bad_exception::bad_exception 49 API calls 48951->48960 48957 7ffdfb6040c0 Concurrency::cancel_current_task RtlPcToFileHeader RaiseException 48952->48957 48956 7ffdfb67329c std::bad_exception::bad_exception RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 48953->48956 48954->48952 48959 7ffdfb67329c std::bad_exception::bad_exception RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 48954->48959 48958 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 48955->48958 48963 7ffdfb609699 _Yarn 48955->48963 48956->48965 48957->48946 48958->48942 48959->48965 48962 7ffdfb6099eb 48960->48962 48961 7ffdfb609848 _Yarn 48961->48906 48963->48906 48964 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 48964->48952 48965->48961 48965->48964 48967 7ffdfb6720dd GetLastError 48966->48967 48968 7ffdfb6720ce 48966->48968 48969 7ffdfb6720d2 48967->48969 48968->48967 48968->48969 48969->48906 48972 7ffdfb670e20 std::bad_exception::bad_exception 49 API calls 48971->48972 48973 7ffdfb604130 48972->48973 48985 7ffdfb689e94 48974->48985 48977 7ffdfb671d42 AreFileApisANSI 48978 7ffdfb608708 48977->48978 48978->48915 48978->48916 48979 7ffdfb671d58 MultiByteToWideChar GetLastError 48978->48979 48979->48919 48980->48924 48981->48926 48986 7ffdfb68d570 _Getctype 47 API calls 48985->48986 48987 7ffdfb689e9d 48986->48987 48988 7ffdfb692b00 _Getctype 47 API calls 48987->48988 48989 7ffdfb671d39 48988->48989 48989->48977 48989->48978 48990->48936 48993 7ffdfb609fd5 48991->48993 48992 7ffdfb60a0c4 48994 7ffdfb604120 std::bad_exception::bad_exception 49 API calls 48992->48994 48993->48992 48995 7ffdfb60a0be 48993->48995 48997 7ffdfb609ff1 _Yarn 48993->48997 48998 
7ffdfb60a07e 48993->48998 48999 7ffdfb60a057 48993->48999 49001 7ffdfb60a0ca 48994->49001 48996 7ffdfb6040c0 Concurrency::cancel_current_task 2 API calls 48995->48996 48996->48992 48997->48932 49002 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 48998->49002 48999->48995 49004 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 48999->49004 49005 7ffdfb60a15d 49001->49005 49007 7ffdfb60a1b6 49001->49007 49002->48997 49006 7ffdfb60a068 49004->49006 49030 7ffdfb60b730 49005->49030 49006->48997 49009 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49006->49009 49008 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49007->49008 49010 7ffdfb60a1bb 49008->49010 49009->48995 49044 7ffdfb674840 49010->49044 49012 7ffdfb60a1f2 49013 7ffdfb609fa0 49 API calls 49012->49013 49014 7ffdfb60a21b 49013->49014 49015 7ffdfb609fa0 49 API calls 49014->49015 49016 7ffdfb60a229 49015->49016 49048 7ffdfb609e40 49 API calls 4 library calls 49016->49048 49018 7ffdfb60a237 49018->48932 49020 7ffdfb60a862 49019->49020 49021 7ffdfb60a976 49020->49021 49025 7ffdfb60a94e 49020->49025 49028 7ffdfb60a866 49020->49028 49022 7ffdfb60a987 49021->49022 49023 7ffdfb60aa1d 49021->49023 49065 7ffdfb60bba0 49022->49065 49070 7ffdfb60bb80 49 API calls 49023->49070 49025->49022 49049 7ffdfb609710 49025->49049 49028->48936 49031 7ffdfb60b778 49030->49031 49032 7ffdfb6085b0 49 API calls 49031->49032 49033 7ffdfb60b7d6 49032->49033 49036 7ffdfb60a840 49 API calls 49033->49036 49043 7ffdfb60b8d7 49033->49043 49034 7ffdfb60bb80 49 API calls 49035 7ffdfb60b8dd 49034->49035 49038 7ffdfb60b86c 49036->49038 49037 7ffdfb60b8a6 49039 7ffdfb6737c0 DName::DName 8 API calls 49037->49039 49038->49037 49040 7ffdfb60b8d2 49038->49040 49041 7ffdfb60a19d 49039->49041 49042 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49040->49042 49041->48932 49042->49043 49043->49034 49045 7ffdfb674861 49044->49045 49047 7ffdfb674896 __std_exception_copy 49044->49047 49046 
7ffdfb68c53c __std_exception_copy 47 API calls 49045->49046 49045->49047 49046->49047 49047->49012 49048->49018 49050 7ffdfb609898 49049->49050 49053 7ffdfb60973f 49049->49053 49051 7ffdfb604120 std::bad_exception::bad_exception 49 API calls 49050->49051 49052 7ffdfb60989e 49051->49052 49060 7ffdfb604120 std::bad_exception::bad_exception 49 API calls 49052->49060 49054 7ffdfb609892 49053->49054 49055 7ffdfb6097ed 49053->49055 49056 7ffdfb6097c1 49053->49056 49064 7ffdfb6097a5 _Yarn 49053->49064 49058 7ffdfb6040c0 Concurrency::cancel_current_task RtlPcToFileHeader RaiseException 49054->49058 49057 7ffdfb67329c std::bad_exception::bad_exception RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 49055->49057 49056->49054 49059 7ffdfb67329c std::bad_exception::bad_exception RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 49056->49059 49057->49064 49058->49050 49059->49064 49062 7ffdfb6099eb 49060->49062 49061 7ffdfb609848 _Yarn 49061->49022 49063 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49063->49054 49064->49061 49064->49063 49066 7ffdfb60bc03 49065->49066 49069 7ffdfb60bbbf _Yarn 49065->49069 49067 7ffdfb609390 49 API calls 49066->49067 49068 7ffdfb60bc1c 49067->49068 49068->49028 49069->49028 49072 7ffdfb672278 49071->49072 49073 7ffdfb67246a GetLastError 49071->49073 49072->48854 49072->48855 49073->49072 49074->48874 49075->48880 49076->48876 49077->48885 49079 7ffdfb6237ec 49078->49079 49080 7ffdfb623824 _Yarn 49078->49080 49079->49080 49082 7ffdfb623832 49079->49082 49083 7ffdfb623811 49079->49083 49092 7ffdfb62388b 49079->49092 49080->48812 49085 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49082->49085 49084 7ffdfb623891 49083->49084 49086 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49083->49086 49087 7ffdfb6040c0 Concurrency::cancel_current_task 2 API calls 49084->49087 49085->49080 49088 7ffdfb62381f 49086->49088 49089 7ffdfb623897 UnDecorator::getSymbolName 
49087->49089 49088->49080 49090 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49088->49090 49100 7ffdfb636870 49089->49100 49090->49092 49120 7ffdfb604140 49 API calls std::bad_exception::bad_exception 49092->49120 49094 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49095 7ffdfb623918 49094->49095 49114 7ffdfb6718bc 49095->49114 49097 7ffdfb623954 49097->49097 49098 7ffdfb6737c0 DName::DName 8 API calls 49097->49098 49099 7ffdfb623a60 49098->49099 49099->48812 49101 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49100->49101 49102 7ffdfb636898 49101->49102 49103 7ffdfb6368e8 49102->49103 49121 7ffdfb673d60 AcquireSRWLockExclusive 49102->49121 49105 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49103->49105 49107 7ffdfb6368f2 49105->49107 49106 7ffdfb636950 49106->49103 49108 7ffdfb636959 WSAStartup 49106->49108 49110 7ffdfb6737c0 DName::DName 8 API calls 49107->49110 49109 7ffdfb673638 50 API calls 49108->49109 49111 7ffdfb636975 49109->49111 49112 7ffdfb6238d7 49110->49112 49113 7ffdfb673cf4 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 49111->49113 49112->49094 49113->49103 49126 7ffdfb68a610 49114->49126 49117 7ffdfb6718ce 49117->49097 49122 7ffdfb673d76 49121->49122 49123 7ffdfb673d7b ReleaseSRWLockExclusive 49122->49123 49125 7ffdfb673d80 SleepConditionVariableSRW 49122->49125 49125->49122 49127 7ffdfb68a619 49126->49127 49128 7ffdfb68a630 49126->49128 49144 7ffdfb687018 11 API calls memcpy_s 49127->49144 49139 7ffdfb68fa54 49128->49139 49131 7ffdfb68a61e 49145 7ffdfb681914 47 API calls _invalid_parameter_noinfo_noreturn 49131->49145 49134 7ffdfb6718ca 49134->49117 49138 7ffdfb670e44 49 API calls Concurrency::cancel_current_task 49134->49138 49140 7ffdfb68f2b8 __crtLCMapStringW 5 API calls 49139->49140 49141 7ffdfb68fa82 49140->49141 49142 7ffdfb68a7f4 __std_fs_directory_iterator_open 47 API calls 49141->49142 49143 7ffdfb68faac 49142->49143 49144->49131 49145->49134 49147 
7ffdfb631438 49146->49147 49148 7ffdfb631405 49146->49148 49147->48744 49148->49147 49149 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49148->49149 49150 7ffdfb631481 49149->49150 49152 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49151->49152 49153 7ffdfb63310c 49152->49153 49155 7ffdfb6331e2 49153->49155 49194 7ffdfb6018c0 49 API calls 4 library calls 49153->49194 49156 7ffdfb6086e0 52 API calls 49155->49156 49157 7ffdfb63321e 49156->49157 49158 7ffdfb631490 49 API calls 49157->49158 49159 7ffdfb63323c 49158->49159 49160 7ffdfb60baf0 47 API calls 49159->49160 49161 7ffdfb633249 49160->49161 49162 7ffdfb6720f8 66 API calls 49161->49162 49163 7ffdfb6337a6 49161->49163 49166 7ffdfb6332d3 49162->49166 49164 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49163->49164 49165 7ffdfb6337ac 49164->49165 49207 7ffdfb61c7a0 49165->49207 49167 7ffdfb6336ed 49166->49167 49168 7ffdfb63337a 49166->49168 49170 7ffdfb63378c 49167->49170 49180 7ffdfb6336b3 49167->49180 49168->49180 49195 7ffdfb609b30 219 API calls 2 library calls 49168->49195 49206 7ffdfb60b940 57 API calls Concurrency::cancel_current_task 49170->49206 49174 7ffdfb60baf0 47 API calls 49182 7ffdfb633705 49174->49182 49175 7ffdfb6333b4 49188 7ffdfb633433 49175->49188 49196 7ffdfb635760 90 API calls Concurrency::cancel_current_task 49175->49196 49177 7ffdfb6333fe 49197 7ffdfb635960 90 API calls 49177->49197 49180->49174 49181 7ffdfb6737c0 DName::DName 8 API calls 49185 7ffdfb6328d3 49181->49185 49182->49181 49183 7ffdfb63340c 49198 7ffdfb635760 90 API calls Concurrency::cancel_current_task 49183->49198 49185->48749 49190 7ffdfb634220 219 API calls 2 library calls 49185->49190 49186 7ffdfb63341a 49186->49165 49186->49188 49189 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49186->49189 49199 7ffdfb604e60 219 API calls Concurrency::cancel_current_task 49186->49199 49200 7ffdfb6029e0 49188->49200 49189->49186 49190->48751 49191->48757 49192->48749 49193->48752 
49194->49153 49195->49175 49196->49177 49197->49183 49198->49186 49199->49186 49201 7ffdfb6029fd 49200->49201 49202 7ffdfb602a7f 49201->49202 49210 7ffdfb6035a0 49201->49210 49202->49180 49204 7ffdfb602a73 49205 7ffdfb681cd4 76 API calls 49204->49205 49205->49202 49221 7ffdfb670e20 49 API calls 2 library calls 49207->49221 49211 7ffdfb6035c3 49210->49211 49212 7ffdfb603672 49210->49212 49211->49212 49213 7ffdfb6035cd 49211->49213 49214 7ffdfb6737c0 DName::DName 8 API calls 49212->49214 49218 7ffdfb603611 49213->49218 49220 7ffdfb682f8c 78 API calls _invalid_parameter_noinfo_noreturn 49213->49220 49215 7ffdfb603681 49214->49215 49215->49204 49216 7ffdfb6737c0 DName::DName 8 API calls 49217 7ffdfb60362e 49216->49217 49217->49204 49218->49216 49220->49218 49238 7ffdfb68f18c 49222->49238 49225 7ffdfb68f150 __free_lconv_num 11 API calls 49226 7ffdfb683b18 49225->49226 49227 7ffdfb683b21 GetModuleHandleExW 49226->49227 49228 7ffdfb683b1d 49226->49228 49227->49228 49228->48767 49228->48768 49229->48764 49230->48767 49231->48771 49233 7ffdfb68f155 RtlFreeHeap 49232->49233 49234 7ffdfb68f184 49232->49234 49233->49234 49235 7ffdfb68f170 GetLastError 49233->49235 49234->48767 49236 7ffdfb68f17d __free_lconv_num 49235->49236 49246 7ffdfb687018 11 API calls memcpy_s 49236->49246 49243 7ffdfb68f19d _Getctype 49238->49243 49239 7ffdfb68f1ee 49245 7ffdfb687018 11 API calls memcpy_s 49239->49245 49240 7ffdfb68f1d2 HeapAlloc 49241 7ffdfb683b0e 49240->49241 49240->49243 49241->49225 49243->49239 49243->49240 49244 7ffdfb68a854 _Getctype 2 API calls 49243->49244 49244->49243 49245->49241 49246->49234 49248 7ffdfb601f95 49247->49248 49285 7ffdfb604620 49248->49285 49250 7ffdfb60203c 49333 7ffdfb601e50 49250->49333 49255 7ffdfb60208d 49344 7ffdfb603a00 47 API calls 49255->49344 49256 7ffdfb60210a 49264 7ffdfb6020c0 49256->49264 49346 7ffdfb6027b0 49256->49346 49258 7ffdfb60209f 49345 7ffdfb601c30 86 API calls 2 library calls 49258->49345 49260 7ffdfb602174 49262 7ffdfb6748f8 
Concurrency::cancel_current_task 2 API calls 49260->49262 49263 7ffdfb602185 49262->49263 49264->48691 49266 7ffdfb6021c2 49265->49266 49267 7ffdfb604620 219 API calls 49266->49267 49268 7ffdfb602263 49267->49268 49269 7ffdfb601e50 57 API calls 49268->49269 49270 7ffdfb602290 49269->49270 49271 7ffdfb6718e4 78 API calls 49270->49271 49274 7ffdfb602331 49270->49274 49272 7ffdfb6022af 49271->49272 49273 7ffdfb6022b4 49272->49273 49272->49274 49478 7ffdfb603a00 47 API calls 49273->49478 49277 7ffdfb6027b0 52 API calls 49274->49277 49281 7ffdfb6022e7 49274->49281 49276 7ffdfb6022c6 49479 7ffdfb601c30 86 API calls 2 library calls 49276->49479 49278 7ffdfb60239b 49277->49278 49279 7ffdfb6748f8 Concurrency::cancel_current_task 2 API calls 49278->49279 49282 7ffdfb6023ac 49279->49282 49281->48701 49283->48706 49284->48703 49360 7ffdfb6041f0 49285->49360 49287 7ffdfb604675 49288 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49287->49288 49289 7ffdfb60467f 49288->49289 49290 7ffdfb60468e 49289->49290 49386 7ffdfb671144 57 API calls 5 library calls 49289->49386 49369 7ffdfb601d40 49290->49369 49293 7ffdfb60470f 49295 7ffdfb60471c 49293->49295 49387 7ffdfb671750 7 API calls 2 library calls 49293->49387 49295->49250 49297 7ffdfb604737 49298 7ffdfb6027b0 52 API calls 49297->49298 49299 7ffdfb604777 49298->49299 49300 7ffdfb6748f8 Concurrency::cancel_current_task 2 API calls 49299->49300 49301 7ffdfb604788 memcpy_s UnDecorator::getSymbolName 49300->49301 49302 7ffdfb6049c2 49301->49302 49305 7ffdfb6047db GetModuleFileNameW 49301->49305 49303 7ffdfb6737c0 DName::DName 8 API calls 49302->49303 49304 7ffdfb6049d2 49303->49304 49304->49250 49306 7ffdfb604802 49305->49306 49307 7ffdfb604807 SetCurrentDirectoryW 49306->49307 49308 7ffdfb604815 49306->49308 49307->49308 49309 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49308->49309 49310 7ffdfb60481f 49309->49310 49311 7ffdfb604842 49310->49311 49312 7ffdfb6192b0 217 API calls 49310->49312 49313 7ffdfb6049e7 
49311->49313 49314 7ffdfb604877 49311->49314 49323 7ffdfb604888 49311->49323 49312->49311 49392 7ffdfb683408 47 API calls 2 library calls 49313->49392 49388 7ffdfb602c90 47 API calls _invalid_parameter_noinfo_noreturn 49314->49388 49315 7ffdfb606b40 4 API calls 49318 7ffdfb6048a6 49315->49318 49324 7ffdfb6048b3 49318->49324 49390 7ffdfb601540 49 API calls 3 library calls 49318->49390 49319 7ffdfb604880 49389 7ffdfb619f80 55 API calls 3 library calls 49319->49389 49323->49315 49325 7ffdfb60bca0 4 API calls 49324->49325 49326 7ffdfb604929 49325->49326 49328 7ffdfb604936 49326->49328 49391 7ffdfb601540 49 API calls 3 library calls 49326->49391 49329 7ffdfb605200 217 API calls 49328->49329 49330 7ffdfb604999 49329->49330 49330->49302 49331 7ffdfb608250 15 API calls 49330->49331 49332 7ffdfb60bef0 57 API calls 49330->49332 49331->49330 49332->49330 49334 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49333->49334 49335 7ffdfb601ec8 49334->49335 49337 7ffdfb601ed7 49335->49337 49405 7ffdfb671144 57 API calls 5 library calls 49335->49405 49337->49256 49338 7ffdfb6718e4 49337->49338 49340 7ffdfb67192a 49338->49340 49339 7ffdfb602088 49339->49255 49339->49256 49340->49339 49406 7ffdfb682b80 75 API calls _invalid_parameter_noinfo_noreturn 49340->49406 49342 7ffdfb671978 49342->49339 49343 7ffdfb681cd4 76 API calls 49342->49343 49343->49339 49344->49258 49345->49264 49347 7ffdfb6027f0 49346->49347 49347->49347 49407 7ffdfb6013b0 49347->49407 49349 7ffdfb602804 49421 7ffdfb6023b0 49349->49421 49351 7ffdfb60281d 49352 7ffdfb602852 49351->49352 49354 7ffdfb60287c 49351->49354 49353 7ffdfb6737c0 DName::DName 8 API calls 49352->49353 49355 7ffdfb602871 49353->49355 49356 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49354->49356 49355->49260 49357 7ffdfb602881 49356->49357 49358 7ffdfb674840 __std_exception_copy 47 API calls 49357->49358 49359 7ffdfb6028b9 49358->49359 49359->49260 49361 7ffdfb6041ff 49360->49361 49362 7ffdfb604204 49360->49362 
49361->49287 49363 7ffdfb6027b0 52 API calls 49362->49363 49364 7ffdfb60424b 49363->49364 49365 7ffdfb6748f8 Concurrency::cancel_current_task 2 API calls 49364->49365 49366 7ffdfb60425c 49365->49366 49367 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49366->49367 49368 7ffdfb6042b0 49367->49368 49368->49287 49393 7ffdfb670bd8 49369->49393 49371 7ffdfb601d5a 49372 7ffdfb670bd8 std::_Lockit::_Lockit 6 API calls 49371->49372 49377 7ffdfb601da9 49371->49377 49373 7ffdfb601d7f 49372->49373 49378 7ffdfb670c50 std::_Lockit::~_Lockit LeaveCriticalSection 49373->49378 49374 7ffdfb601df6 49397 7ffdfb670c50 49374->49397 49376 7ffdfb601e3a 49376->49293 49376->49297 49377->49374 49401 7ffdfb603830 85 API calls 6 library calls 49377->49401 49378->49377 49380 7ffdfb601e08 49381 7ffdfb601e48 49380->49381 49382 7ffdfb601e0e 49380->49382 49403 7ffdfb6040e0 LeaveCriticalSection RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 49381->49403 49402 7ffdfb671100 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 49382->49402 49385 7ffdfb601e4d 49386->49290 49387->49295 49388->49319 49389->49323 49390->49324 49391->49328 49394 7ffdfb670bec 49393->49394 49395 7ffdfb670be7 49393->49395 49394->49371 49404 7ffdfb689b10 6 API calls std::_Locinfo::_Locinfo_ctor 49395->49404 49398 7ffdfb670c64 49397->49398 49399 7ffdfb670c5b LeaveCriticalSection 49397->49399 49398->49376 49401->49380 49402->49374 49403->49385 49405->49337 49406->49342 49408 7ffdfb6014b7 49407->49408 49411 7ffdfb6013e1 49407->49411 49409 7ffdfb604120 std::bad_exception::bad_exception 49 API calls 49408->49409 49410 7ffdfb6014bd 49409->49410 49412 7ffdfb6013e7 _Yarn 49411->49412 49413 7ffdfb60146c 49411->49413 49414 7ffdfb601413 49411->49414 49412->49349 49418 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49413->49418 49415 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49414->49415 49417 7ffdfb6014b1 49414->49417 49416 7ffdfb601429 49415->49416 49416->49412 
49420 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49416->49420 49419 7ffdfb6040c0 Concurrency::cancel_current_task 2 API calls 49417->49419 49418->49412 49419->49408 49420->49417 49423 7ffdfb6023fa 49421->49423 49422 7ffdfb60258e 49424 7ffdfb604120 std::bad_exception::bad_exception 49 API calls 49422->49424 49423->49422 49426 7ffdfb60243e 49423->49426 49428 7ffdfb602416 _Yarn 49423->49428 49431 7ffdfb60249e 49423->49431 49425 7ffdfb602594 49424->49425 49427 7ffdfb674840 __std_exception_copy 47 API calls 49425->49427 49433 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49426->49433 49434 7ffdfb602588 49426->49434 49430 7ffdfb6025cd 49427->49430 49436 7ffdfb602583 49428->49436 49444 7ffdfb603e40 49428->49444 49430->49351 49435 7ffdfb67329c std::bad_exception::bad_exception 4 API calls 49431->49435 49433->49428 49437 7ffdfb6040c0 Concurrency::cancel_current_task 2 API calls 49434->49437 49435->49428 49440 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49436->49440 49437->49422 49438 7ffdfb674840 __std_exception_copy 47 API calls 49439 7ffdfb602510 49438->49439 49439->49436 49441 7ffdfb60254e 49439->49441 49440->49434 49442 7ffdfb6737c0 DName::DName 8 API calls 49441->49442 49443 7ffdfb602575 49442->49443 49443->49351 49445 7ffdfb603e79 49444->49445 49446 7ffdfb603e89 49444->49446 49445->49446 49467 7ffdfb601730 49 API calls 4 library calls 49445->49467 49461 7ffdfb60c070 49446->49461 49448 7ffdfb603edf 49468 7ffdfb604160 49448->49468 49450 7ffdfb603efe 49452 7ffdfb603f37 49450->49452 49454 7ffdfb603fcc 49450->49454 49451 7ffdfb603f95 49453 7ffdfb6737c0 DName::DName 8 API calls 49451->49453 49452->49451 49455 7ffdfb603fd1 49452->49455 49456 7ffdfb6024de 49453->49456 49457 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49454->49457 49458 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49455->49458 49456->49438 49457->49455 49459 7ffdfb603fd7 49458->49459 49473 7ffdfb6726a8 GetLocaleInfoEx 49461->49473 
49464 7ffdfb60c0a1 LocalFree 49464->49448 49466 7ffdfb6013b0 std::_Throw_Cpp_error 49 API calls 49466->49464 49467->49446 49469 7ffdfb6041c2 49468->49469 49472 7ffdfb604183 _Yarn 49468->49472 49477 7ffdfb601730 49 API calls 4 library calls 49469->49477 49471 7ffdfb6041db 49471->49450 49472->49450 49474 7ffdfb6726d8 FormatMessageA 49473->49474 49476 7ffdfb60c091 49474->49476 49476->49464 49476->49466 49477->49471 49478->49276 49479->49281 49480->48709 49484 7ffdfb670eb0 QueryPerformanceFrequency 49483->49484 49485 7ffdfb604af2 49484->49485 49492 7ffdfb670e94 QueryPerformanceCounter 49485->49492 49487 7ffdfb604afa 49487->48636 49489 7ffdfb670ec0 QueryPerformanceFrequency 49488->49489 49490 7ffdfb670ed7 49488->49490 49489->49490 49490->48636 49491->48636 49492->49487 49493 7ffdfb683a18 49494 7ffdfb683a26 GetLastError ExitThread 49493->49494 49495 7ffdfb683a35 49493->49495 49507 7ffdfb68d570 GetLastError 49495->49507 49500 7ffdfb683a53 49533 7ffdfb608ee0 49500->49533 49539 7ffdfb6129e0 49500->49539 49508 7ffdfb68d5b1 FlsSetValue 49507->49508 49509 7ffdfb68d594 FlsGetValue 49507->49509 49511 7ffdfb68d5c3 49508->49511 49526 7ffdfb68d5a1 49508->49526 49510 7ffdfb68d5ab 49509->49510 49509->49526 49510->49508 49513 7ffdfb68f18c _Getctype 11 API calls 49511->49513 49512 7ffdfb68d61d SetLastError 49514 7ffdfb683a3a 49512->49514 49515 7ffdfb68d63d 49512->49515 49516 7ffdfb68d5d2 49513->49516 49529 7ffdfb692a90 49514->49529 49551 7ffdfb68a7f4 47 API calls __std_fs_directory_iterator_open 49515->49551 49518 7ffdfb68d5f0 FlsSetValue 49516->49518 49519 7ffdfb68d5e0 FlsSetValue 49516->49519 49522 7ffdfb68d5fc FlsSetValue 49518->49522 49523 7ffdfb68d60e 49518->49523 49521 7ffdfb68d5e9 49519->49521 49520 7ffdfb68d642 49524 7ffdfb68f150 __free_lconv_num 11 API calls 49521->49524 49522->49521 49550 7ffdfb68d2dc 11 API calls _Getctype 49523->49550 49524->49526 49526->49512 49527 7ffdfb68d616 49528 7ffdfb68f150 __free_lconv_num 11 API calls 49527->49528 49528->49512 49530 7ffdfb692a9f 
49529->49530 49531 7ffdfb683a46 49529->49531 49530->49531 49552 7ffdfb68f4cc 49530->49552 49531->49500 49549 7ffdfb68f9c8 5 API calls __crtLCMapStringW 49531->49549 49564 7ffdfb60d170 49533->49564 49645 7ffdfb60e0a5 49533->49645 49534 7ffdfb608eeb 49715 7ffdfb671a54 61 API calls std::_Throw_Cpp_error 49534->49715 49945 7ffdfb61fcb0 49539->49945 49954 7ffdfb61b910 49539->49954 49997 7ffdfb61b920 49539->49997 49540 7ffdfb6129ef 50053 7ffdfb671a54 61 API calls std::_Throw_Cpp_error 49540->50053 49549->49500 49550->49527 49551->49520 49555 7ffdfb68f2b8 49552->49555 49556 7ffdfb68f310 __vcrt_FlsAlloc 49555->49556 49557 7ffdfb68f315 49555->49557 49556->49557 49558 7ffdfb68f345 LoadLibraryExW 49556->49558 49561 7ffdfb68f43a GetProcAddressForCaller 49556->49561 49563 7ffdfb68f3a4 LoadLibraryExW 49556->49563 49557->49531 49559 7ffdfb68f41a 49558->49559 49560 7ffdfb68f36a GetLastError 49558->49560 49559->49561 49562 7ffdfb68f431 FreeLibrary 49559->49562 49560->49556 49561->49557 49562->49561 49563->49556 49563->49559 49614 7ffdfb60d1de 49564->49614 49566 7ffdfb60d30e GetDriveTypeA 49566->49614 49567 7ffdfb60e1b2 49569 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49567->49569 49568 7ffdfb671d30 48 API calls __std_fs_code_page 49568->49614 49571 7ffdfb60e1b8 49569->49571 49570 7ffdfb60e228 49572 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49570->49572 49797 7ffdfb60bab0 49 API calls Concurrency::cancel_current_task 49571->49797 49575 7ffdfb60e22e 49572->49575 49573 7ffdfb60af80 66 API calls 49573->49614 49574 7ffdfb60e1cc 49799 7ffdfb60ba70 49 API calls Concurrency::cancel_current_task 49574->49799 49804 7ffdfb60bab0 49 API calls Concurrency::cancel_current_task 49575->49804 49577 7ffdfb60e176 49580 7ffdfb6737c0 DName::DName 8 API calls 49577->49580 49579 7ffdfb60e1c2 49798 7ffdfb60bab0 49 API calls Concurrency::cancel_current_task 49579->49798 49582 7ffdfb60e186 49580->49582 49581 7ffdfb60e1d7 49800 7ffdfb60bab0 49 API calls 
Concurrency::cancel_current_task 49581->49800 49582->49534 49584 7ffdfb60e13a 49584->49577 49795 7ffdfb60bd60 47 API calls _invalid_parameter_noinfo_noreturn 49584->49795 49585 7ffdfb60e20b 49803 7ffdfb60b940 57 API calls Concurrency::cancel_current_task 49585->49803 49587 7ffdfb60e23a 49805 7ffdfb60bab0 49 API calls Concurrency::cancel_current_task 49587->49805 49591 7ffdfb60e1e1 49801 7ffdfb60bab0 49 API calls Concurrency::cancel_current_task 49591->49801 49593 7ffdfb60baf0 47 API calls 49593->49614 49594 7ffdfb60e243 49766 7ffdfb60ba00 49594->49766 49595 7ffdfb60e1eb 49802 7ffdfb60ba70 49 API calls Concurrency::cancel_current_task 49595->49802 49596 7ffdfb60e1a8 49796 7ffdfb60ba70 49 API calls Concurrency::cancel_current_task 49596->49796 49599 7ffdfb671d58 MultiByteToWideChar GetLastError __std_fs_convert_narrow_to_wide 49618 7ffdfb60d762 memcpy_s 49599->49618 49600 7ffdfb60aca0 48 API calls 49600->49614 49603 7ffdfb60e25a 49609 7ffdfb60ba00 57 API calls 49603->49609 49606 7ffdfb67329c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection std::bad_exception::bad_exception 49606->49618 49607 7ffdfb60e1f6 49612 7ffdfb60ba00 57 API calls 49607->49612 49613 7ffdfb60e26b 49609->49613 49610 7ffdfb60c1d0 49 API calls 49610->49614 49612->49585 49615 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49613->49615 49614->49566 49614->49567 49614->49568 49614->49570 49614->49571 49614->49573 49614->49574 49614->49579 49614->49581 49614->49585 49614->49591 49614->49593 49614->49595 49614->49600 49614->49607 49614->49610 49616 7ffdfb671d58 MultiByteToWideChar GetLastError __std_fs_convert_narrow_to_wide 49614->49616 49614->49618 49774 7ffdfb601730 49 API calls 4 library calls 49614->49774 49775 7ffdfb609e40 49 API calls 4 library calls 49614->49775 49776 7ffdfb608bb0 49 API calls 3 library calls 49614->49776 49617 7ffdfb60e270 49615->49617 49616->49614 49806 7ffdfb60ba70 49 API calls Concurrency::cancel_current_task 49617->49806 49618->49575 
49618->49584 49618->49587 49618->49594 49618->49596 49618->49599 49618->49603 49618->49606 49618->49613 49618->49617 49621 7ffdfb60e27b 49618->49621 49623 7ffdfb60e286 49618->49623 49625 7ffdfb60e28f 49618->49625 49627 7ffdfb609fa0 49 API calls 49618->49627 49628 7ffdfb60e295 49618->49628 49631 7ffdfb60e29b 49618->49631 49634 7ffdfb60b090 49 API calls 49618->49634 49638 7ffdfb671d30 48 API calls __std_fs_code_page 49618->49638 49640 7ffdfb671da0 5 API calls __std_fs_convert_wide_to_narrow 49618->49640 49643 7ffdfb60baf0 47 API calls 49618->49643 49716 7ffdfb608d80 49618->49716 49729 7ffdfb60ae20 49618->49729 49735 7ffdfb60ab40 49618->49735 49743 7ffdfb60aca0 49618->49743 49749 7ffdfb60a420 49618->49749 49762 7ffdfb60a520 49618->49762 49777 7ffdfb60c1d0 49 API calls 49618->49777 49778 7ffdfb6085b0 49618->49778 49792 7ffdfb6088c0 54 API calls 2 library calls 49618->49792 49793 7ffdfb609070 49 API calls 5 library calls 49618->49793 49794 7ffdfb60c260 230 API calls 8 library calls 49618->49794 49807 7ffdfb60bab0 49 API calls Concurrency::cancel_current_task 49621->49807 49808 7ffdfb60bab0 49 API calls Concurrency::cancel_current_task 49623->49808 49626 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49625->49626 49626->49628 49627->49618 49630 7ffdfb681934 _invalid_parameter_noinfo_noreturn 47 API calls 49628->49630 49630->49631 49809 7ffdfb60b9a0 52 API calls Concurrency::cancel_current_task 49631->49809 49634->49618 49638->49618 49640->49618 49643->49618 49700 7ffdfb60d788 memcpy_s 49645->49700 49646 7ffdfb60a520 47 API calls 49646->49700 49647 7ffdfb60e176 49649 7ffdfb6737c0 DName::DName 8 API calls 49647->49649 49648 7ffdfb608d80 74 API calls 49648->49700 49650 7ffdfb60e186 49649->49650 49650->49534 49651 7ffdfb60e13a 49651->49647 49937 7ffdfb60bd60 47 API calls _invalid_parameter_noinfo_noreturn 49651->49937 49652 7ffdfb60e243 49655 7ffdfb60ba00 57 API calls 49652->49655 49654 7ffdfb671d30 48 API calls __std_fs_code_page 49654->49700 49656 
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: __std_fs_convert_narrow_to_wide$__std_fs_code_page_invalid_parameter_noinfo_noreturn$ByteCharMultiWide__std_fs_convert_wide_to_narrow$ApisDriveErrorFileLastType
                      • String ID: directory_entry::status$directory_iterator::directory_iterator$directory_iterator::operator++$exists$status
                      • API String ID: 497817043-1599448591
                      • Opcode ID: 089c25010aede620c3ee6f1aad9fc8b09ef9640c3f2b009ad9a8235de9e3c2bb
                      • Instruction ID: 3ebf9c6c23884a449626a8ab21c24082c5130d813d095290c7cde8bd65c9af75
                      • Opcode Fuzzy Hash: 089c25010aede620c3ee6f1aad9fc8b09ef9640c3f2b009ad9a8235de9e3c2bb
                      • Instruction Fuzzy Hash: CC928372B1AAC681EB208B16E4507EAA361FB89790F545235DAED47BEDDF3CD441CB00

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                      • String ID:
                      • API String ID: 2398595512-0
                      • Opcode ID: cbb52d49409fda87dcf39da38a887af207d25e082b269dd45f47db89adc4384e
                      • Instruction ID: c9499c6d50566062c06da557fcf032dd9f884aa70c617491e4bb3b9093fcdeec
                      • Opcode Fuzzy Hash: cbb52d49409fda87dcf39da38a887af207d25e082b269dd45f47db89adc4384e
                      • Instruction Fuzzy Hash: 37918631B0AA0346EB645B25B824A796391FF56BB8F244734DA7E4F6FCDE3CE4418600

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                      • String ID:
                      • API String ID: 1617910340-0
                      • Opcode ID: cf7de675378a5cbfd29ab63b7c289bb692dbbc831a8b675e2e34d6ff1defbea5
                      • Instruction ID: 04999eab6e39ed81288512b6e5928ac32c7a6070cc4d61b37b254e8d483f4c61
                      • Opcode Fuzzy Hash: cf7de675378a5cbfd29ab63b7c289bb692dbbc831a8b675e2e34d6ff1defbea5
                      • Instruction Fuzzy Hash: 30C19137B29A4685EB10CF65C4A0AAC3765FB49B98B015235DF2E5B7E9CF38D455C300

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskXtime_get_ticks
                      • String ID:
                      • API String ID: 1158503968-0
                      • Opcode ID: bc057f2473daa175748766e53bd64e022376ac78503f272540ecfc597dbde49d
                      • Instruction ID: a3ab5a811f09c51e6833fdd32aa69d81cea0a0f258e1d1b43be48cde60f4d3f5
                      • Opcode Fuzzy Hash: bc057f2473daa175748766e53bd64e022376ac78503f272540ecfc597dbde49d
                      • Instruction Fuzzy Hash: 6B22E362B0AB8295EB10CF65D4607AD2361EB48B98F145636DF6C1BBEDDF38E055C340
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                      • String ID:
                      • API String ID: 3936042273-0
                      • Opcode ID: b022d2ec1b42bdcaf3782a26730692957c5448a4463a9acc213311ea670f82a6
                      • Instruction ID: e151abe49138539c6365ec160711da35e1b07e8f17c7af20377292ca2213c5d9
                      • Opcode Fuzzy Hash: b022d2ec1b42bdcaf3782a26730692957c5448a4463a9acc213311ea670f82a6
                      • Instruction Fuzzy Hash: 9652B362B1A78246FF208F6994656BD63A1EB857E4F104332EE7D1BAEDDF6CD0418700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID: UUUUUUUU
                      • API String ID: 73155330-4023394949
                      • Opcode ID: 6b8db1faa9fabe018d9285c54ddd36226c2c255d7b81799916a537a232d1c5f4
                      • Instruction ID: 1371cefaf4b40d54ac88cf4223a2926a8493a5c52fa120970562d83b0068cd5b
                      • Opcode Fuzzy Hash: 6b8db1faa9fabe018d9285c54ddd36226c2c255d7b81799916a537a232d1c5f4
                      • Instruction Fuzzy Hash: 78719072715B8182EB54CB25F9512A9B3A8FB48BD0F149636EBAD47BD9CF38D061C300
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: FormatInfoLocaleMessage
                      • String ID: !x-sys-default-locale
                      • API String ID: 4235545615-2729719199
                      • Opcode ID: ad935c524a6dec67042784d27dc58e6aa16cb5516add0b3ce72735b210b29e54
                      • Instruction ID: 2f6a28d9f8ab874669949ae74c52a80da3f56deb3b6fdc2fe79d4935bd5e74f1
                      • Opcode Fuzzy Hash: ad935c524a6dec67042784d27dc58e6aa16cb5516add0b3ce72735b210b29e54
                      • Instruction Fuzzy Hash: EF018471B1978382E7118B21B920B6A77A6FB85789F148035DA5D0AAE9CF3CD945CB00
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ErrorLastrecv
                      • String ID:
                      • API String ID: 2514157807-0
                      • Opcode ID: 74f32e9412ac67f6e650f41e1d29d0b809624680fa79bec77c7590b538dc1e4f
                      • Instruction ID: d01fcd430b5bc7d7f5224bedd910e38d3c3132dcfd0e6717ec9ea616f208f784
                      • Opcode Fuzzy Hash: 74f32e9412ac67f6e650f41e1d29d0b809624680fa79bec77c7590b538dc1e4f
                      • Instruction Fuzzy Hash: 15F01522F0E40781FF604775AD6483922929B55B35B688370D63D8E7F4CE2C98E58200

                      Control-flow Graph

                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8f3b622d7e8694473c6c6e16b422feae893ddfb54f874e7b7deb90370d846621
                      • Instruction ID: 8148474575635d82df359a80cfffbbfae6f005b3a1d98e8dc594e5fd753d0c99
                      • Opcode Fuzzy Hash: 8f3b622d7e8694473c6c6e16b422feae893ddfb54f874e7b7deb90370d846621
                      • Instruction Fuzzy Hash: 4A41F953F0E6C34BF7128B35AC309792B509BA6B94F4C5076DAD90A5FBEE2CA485C300

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Message$HookStateWindows$CloseDispatchHandleTranslateUnhook
                      • String ID:
                      • API String ID: 3174565155-0
                      • Opcode ID: ee03ecaaf2d7d0fb30deef92977deca93fbd09c32946a9f92d2eca31e66d8f4f
                      • Instruction ID: 726393ac4d41e5471616a2a8cb772b2618e3eb505e29f1d216a7f2a9b2a7f196
                      • Opcode Fuzzy Hash: ee03ecaaf2d7d0fb30deef92977deca93fbd09c32946a9f92d2eca31e66d8f4f
                      • Instruction Fuzzy Hash: 0821A723B1AA8356FB116B25FD20E792760BFD9B88F485130ED5D094B8EF3CA585C700

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 4131450254-0
                      • Opcode ID: 4d8872390ca6885f2755a488882e0b7765ea9b18d28c1549018fb8de563b5751
                      • Instruction ID: b4c3da33455dd06be1748edcc89ddf9af0bde216fb308925835c5fa14a8e7b04
                      • Opcode Fuzzy Hash: 4d8872390ca6885f2755a488882e0b7765ea9b18d28c1549018fb8de563b5751
                      • Instruction Fuzzy Hash: FC02B262B0A74281EB149F1AE5146AD6366EB46BE4F584731DFBD0B7E9EE7CE041C300

                      Control-flow Graph

                      APIs
                      • FreeLibrary.KERNEL32(?,?,?,00007FFDFB68FB00,?,?,?,?,00007FFDFB689B19,?,?,?,?,00007FFDFB670BEC), ref: 00007FFDFB68F434
                      • GetProcAddressForCaller.KERNELBASE(?,?,?,00007FFDFB68FB00,?,?,?,?,00007FFDFB689B19,?,?,?,?,00007FFDFB670BEC), ref: 00007FFDFB68F440
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: AddressCallerFreeLibraryProc
                      • String ID: api-ms-$ext-ms-
                      • API String ID: 3520295827-537541572
                      • Opcode ID: fac27ec3388f263f1e39d88759a50297de9a3eacf0620e0a0a350d79358b812c
                      • Instruction ID: 7f249046182f51f207fc8f84afbcd3a1914f0d0de17f30c63fe39390e70b8fe8
                      • Opcode Fuzzy Hash: fac27ec3388f263f1e39d88759a50297de9a3eacf0620e0a0a350d79358b812c
                      • Instruction Fuzzy Hash: 7241D232B1BE0382EB169B16A8649692395BF05BD0F488935DD6E4F7ECEE7CE4458340

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                      • String ID:
                      • API String ID: 190073905-0
                      • Opcode ID: d27437b5d63ed5d4306fe20deebea955c2e905071bc7dc1f0f01ce21576cc12b
                      • Instruction ID: 5e4af08b05caad51dd8223a676c6a6aaac10eda9c54167e0ddb12d6ed00dee2e
                      • Opcode Fuzzy Hash: d27437b5d63ed5d4306fe20deebea955c2e905071bc7dc1f0f01ce21576cc12b
                      • Instruction Fuzzy Hash: 6381B121F0A24385FB549B65A461A796690EF85B80F688035DA6C4F7FEEE3CE8478700

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ErrorLast$closesocketconnectioctlsocketsocket
                      • String ID:
                      • API String ID: 1359816349-0
                      • Opcode ID: 39dd50236cfafcb7601ae828c0674d468b8022b5d7a821f4e6baed1cc42d40f8
                      • Instruction ID: 4c203185f214e6393dabe1955916076a4185846d57ab7f947abc62323ba0ebe0
                      • Opcode Fuzzy Hash: 39dd50236cfafcb7601ae828c0674d468b8022b5d7a821f4e6baed1cc42d40f8
                      • Instruction Fuzzy Hash: 96219C72B0964286EB508F79E85466823A0EB48FB8F149330DA3D8F7E8DF3CD4858700

                      Control-flow Graph

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                      • String ID: csm$csm$csm
                      • API String ID: 3523768491-393685449
                      • Opcode ID: 86f70044e9b801db0a36925008141f5f3a80cff1a65b42b6f3ac88d6b9c6f9b1
                      • Instruction ID: fd5b793108ce1ea059270bf50df6278475b63276da5cb9953c18e5c70f4ea7bf
                      • Opcode Fuzzy Hash: 86f70044e9b801db0a36925008141f5f3a80cff1a65b42b6f3ac88d6b9c6f9b1
                      • Instruction Fuzzy Hash: 96E1A773A096838AEB10DF65E490ABD3BA0FB45748F244135DE6D4B6E9DF38E581CB40

                      Control-flow Graph

                      APIs
                        • Part of subcall function 00007FFDFB671144: std::_Lockit::_Lockit.LIBCPMT ref: 00007FFDFB671161
                        • Part of subcall function 00007FFDFB671144: std::locale::_Setgloballocale.LIBCPMT ref: 00007FFDFB671184
                        • Part of subcall function 00007FFDFB671144: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FFDFB671219
                      • GetModuleFileNameW.KERNEL32(?,00007FFDFB604FB9,?,?,?,?,00007FFDFB602E09,?,?,?,?,00007FFDFB6013A1), ref: 00007FFDFB6047ED
                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFDFB60203C), ref: 00007FFDFB60480F
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Lockitstd::_$CurrentDirectoryFileLockit::_Lockit::~_ModuleNameSetgloballocalestd::locale::_
                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                      • API String ID: 3950130698-1866435925
                      • Opcode ID: c2ed5789f868c68b1f47cf0c7976ca9e49e2de42e793f4521e1ce3075f05a869
                      • Instruction ID: cec9e7488a0fe82b49bf1a520d5905d6dd6c66fca235f40144d65db7234fd769
                      • Opcode Fuzzy Hash: c2ed5789f868c68b1f47cf0c7976ca9e49e2de42e793f4521e1ce3075f05a869
                      • Instruction Fuzzy Hash: E0B15F32B0AB4282EB209F16E5A066973A4FB45FC4F584535DAAD0B7B9DF3CD491C340

                      Control-flow Graph

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_fs_code_page
                      • String ID: ", "$: "
                      • API String ID: 1190743560-747220369
                      • Opcode ID: 8c89c7d122e534f9dee339fa2876868dcb4f4e0b7ee5407399f2af437675f0a4
                      • Instruction ID: 54408af641032fd5b13ae4b33b948dbf415d076c8d0f553c25ac896e371d4d3d
                      • Opcode Fuzzy Hash: 8c89c7d122e534f9dee339fa2876868dcb4f4e0b7ee5407399f2af437675f0a4
                      • Instruction Fuzzy Hash: 2B716D72B15A468AEB00DF66D1607AD2371EB49BC8F148531EEAD1BBE9DF38D152C340

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Xtime_get_ticksclosesocketgetsockoptselectshutdown
                      • String ID:
                      • API String ID: 3691980445-0
                      • Opcode ID: c11567532b74d8886d3d7ded0112bccaaec703242630cc9581770f6b9352ed6a
                      • Instruction ID: e46c3a728f7ec1a4e6cb3dcb62986c236588ca4650325a6bd49cff2c445d0784
                      • Opcode Fuzzy Hash: c11567532b74d8886d3d7ded0112bccaaec703242630cc9581770f6b9352ed6a
                      • Instruction Fuzzy Hash: 5E415F7370AA4685DB50CF25E4A4A2973A5EB84F94F188136DA6D4B7F8CF3CD445C700

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 2067211477-0
                      • Opcode ID: 99777dbfb1ab3b35bd5ce1dbae2fe987180edb9c4937ced0f73f80d2fe3bb09c
                      • Instruction ID: c14751c820ab7406b9c33b927a467b9daeb71eb98d650658bf69c4754cef973d
                      • Opcode Fuzzy Hash: 99777dbfb1ab3b35bd5ce1dbae2fe987180edb9c4937ced0f73f80d2fe3bb09c
                      • Instruction Fuzzy Hash: 00211D75B0AB4385EF14DB65A420979B3A4BF88B94F088535EE6D4B7B9DF3CE4408740

                      Control-flow Graph

                      APIs
                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,?,00000000,00000000,00000000,00007FFDFB690F07), ref: 00007FFDFB691038
                      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,?,00000000,00000000,00000000,00007FFDFB690F07), ref: 00007FFDFB6910C3
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ConsoleErrorLastMode
                      • String ID:
                      • API String ID: 953036326-0
                      • Opcode ID: cdbac25eb94036b68be2bf32beff7597bbd0c85076b4bc485098a4ff3e7edc18
                      • Instruction ID: 92ed0aeb2e38ca95a23163d11e2088e428bb895bc527a7b19997d1bc14c72e0e
                      • Opcode Fuzzy Hash: cdbac25eb94036b68be2bf32beff7597bbd0c85076b4bc485098a4ff3e7edc18
                      • Instruction Fuzzy Hash: 0991F632F09653A5F7509F659461ABD3BA4BB04B8CF244139DE2E6B6E8CF39D482C700
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 73155330-0
                      • Opcode ID: 6e0433e4903703358321312571658274a30d0a53fbf1085410c8f09ba746fe34
                      • Instruction ID: d2b01f920546f7c33d8252b6c032d3045e1066d45628a8238ebdc916755a83dc
                      • Opcode Fuzzy Hash: 6e0433e4903703358321312571658274a30d0a53fbf1085410c8f09ba746fe34
                      • Instruction Fuzzy Hash: 7D71C162B0AB4681EB049F25E5502683360FB55BD8F589731DBBC0B6E9EF78E5E1C340
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: __std_exception_copy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3081569584-0
                      • Opcode ID: cf2727a89a6df3fcf2f109d9cdc5695eeba21d53f9047657b31915a917fa9806
                      • Instruction ID: ee600da4aa493e8f0270f99c098065ac111508b9f8b5e2ace186275af8d2668a
                      • Opcode Fuzzy Hash: cf2727a89a6df3fcf2f109d9cdc5695eeba21d53f9047657b31915a917fa9806
                      • Instruction Fuzzy Hash: AB518422B1AB8781EB119F15E5607B96360FF55798F148231EABC0A7E9EE7CE1D18700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: __except_validate_context_record
                      • String ID: csm$csm
                      • API String ID: 1467352782-3733052814
                      • Opcode ID: 282cf80225fd299b1abca99f13e083387eb35b3b8e667bb542359d771bf21bed
                      • Instruction ID: 7fcd17a561a5a099d10f1277334d42b8e9a00b3ecaa510e09d97faa6f200768f
                      • Opcode Fuzzy Hash: 282cf80225fd299b1abca99f13e083387eb35b3b8e667bb542359d771bf21bed
                      • Instruction Fuzzy Hash: 09719272A0A6838AD7608F25E464A7D7BA0EB04F89F249136DE5C4BAEDCF3CD551C740
                      APIs
                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDFB670E42), ref: 00007FFDFB674948
                      • RaiseException.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FFDFB670E42), ref: 00007FFDFB674989
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ExceptionFileHeaderRaise
                      • String ID: csm
                      • API String ID: 2573137834-1018135373
                      • Opcode ID: 6c0ee941a5fd2032a55f7790bdc9da8f6e480a48f6324f8c867cc612cbbbd1ec
                      • Instruction ID: d3f0f541b67a101ff6dbd68d0579463a105ae64a65219299759ced6a505d4d76
                      • Opcode Fuzzy Hash: 6c0ee941a5fd2032a55f7790bdc9da8f6e480a48f6324f8c867cc612cbbbd1ec
                      • Instruction Fuzzy Hash: FE112E32619B8282EB618F15F85466977E4FB88B94F684234DBDD0B7A8DF3CD551CB00
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: freeaddrinfogetaddrinfoinet_pton
                      • String ID:
                      • API String ID: 1485407518-0
                      • Opcode ID: 71f05dd9818d35825532a9016005242d26091936dfc728d4d261b762eb1db1fc
                      • Instruction ID: 203f53e1e76726e0cfea59a8e24f5dc2b1cba258b094117a03648fdc6060c3e3
                      • Opcode Fuzzy Hash: 71f05dd9818d35825532a9016005242d26091936dfc728d4d261b762eb1db1fc
                      • Instruction Fuzzy Hash: 9BF0F662B1814283EB008F61E89452AA7A4EBC8B40F549030EA2E4B7A8CE3CC4D48A00
                      APIs
                        • Part of subcall function 00007FFDFB68D6E8: GetLastError.KERNEL32(?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000,00007FFDFB697537,?,?,?), ref: 00007FFDFB68D6F7
                        • Part of subcall function 00007FFDFB68D6E8: SetLastError.KERNEL32(?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000,00007FFDFB697537,?,?,?), ref: 00007FFDFB68D797
                      • CloseHandle.KERNEL32(?,?,?,00007FFDFB683C35,?,?,?,?,00007FFDFB683A79), ref: 00007FFDFB683AC3
                      • FreeLibraryAndExitThread.KERNELBASE(?,?,?,00007FFDFB683C35,?,?,?,?,00007FFDFB683A79), ref: 00007FFDFB683AD9
                      • ExitThread.KERNEL32 ref: 00007FFDFB683AE2
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                      • String ID:
                      • API String ID: 1991824761-0
                      • Opcode ID: bc521eb744b56d4d7c43ec361a909a3c4422a81733ababd830c44482d6106520
                      • Instruction ID: 862033fb90e0ebf803b9616b775e732f0da88323835e917cf2e420e4e48ad6cd
                      • Opcode Fuzzy Hash: bc521eb744b56d4d7c43ec361a909a3c4422a81733ababd830c44482d6106520
                      • Instruction Fuzzy Hash: 7CF0EC21B0AA8781EF15AB2194A497D6355AF40F78F1C8735E63D0A2E8DF69D845C340
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: f1f3be0d8289f931219a798eca4acb91415a810092496b3f375f625ec87347fc
                      • Instruction ID: adee77b92d9b72f11d37bf528b7c639ffb3f63190e956f6c272b014928d43979
                      • Opcode Fuzzy Hash: f1f3be0d8289f931219a798eca4acb91415a810092496b3f375f625ec87347fc
                      • Instruction Fuzzy Hash: 8E31F441B0B38B01DE188B5BA4359B982519F85BD0F1C9036E9AE0F3F9FE3CE1415640
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: exists
                      • API String ID: 3668304517-2996790960
                      • Opcode ID: 557432e78ac4bb59e3dd722b2fb915ee1686ce18a60d76e7648752bb6f0d75b6
                      • Instruction ID: b97f172ef63745226484ba5f914df567f559def9440aec152fd96ec71cf88c09
                      • Opcode Fuzzy Hash: 557432e78ac4bb59e3dd722b2fb915ee1686ce18a60d76e7648752bb6f0d75b6
                      • Instruction Fuzzy Hash: D3718D62B16A4396FB109B65C461AFC2361FB40788F548036DA2D6BBEDDF38E895C340
                      APIs
                        • Part of subcall function 00007FFDFB6023B0: __std_exception_copy.LIBVCRUNTIME ref: 00007FFDFB60250B
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB60A378
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                      • String ID: Unknown exception
                      • API String ID: 1109970293-410509341
                      • Opcode ID: 272b772ca72e2427ca6ae95a7410aa6c99451e4cd49d01b1462d97e0007adf58
                      • Instruction ID: de4622227bb3a00254536db52bde65e5c69871bb2c2fa0b4242dede2f9a1e636
                      • Opcode Fuzzy Hash: 272b772ca72e2427ca6ae95a7410aa6c99451e4cd49d01b1462d97e0007adf58
                      • Instruction Fuzzy Hash: 4331A462A19BC680DB108B28E4516A96360FB99BE8F145331EAAD467E9EF3CD180C300
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Cpp_errorThrow_std::_
                      • String ID:
                      • API String ID: 2134207285-0
                      • Opcode ID: 4fcbc9f217030a8848bf38beef8000aec68b2bb5a45489cf0f56deadd8864356
                      • Instruction ID: 7b47ce579cc3525102f5f338af2f7070a213007f5d7e2c9ebd804f3690c3f2b4
                      • Opcode Fuzzy Hash: 4fcbc9f217030a8848bf38beef8000aec68b2bb5a45489cf0f56deadd8864356
                      • Instruction Fuzzy Hash: 3D423932706B8695EB64CF65D8A06EC37A4FB48F88F545036DA5E1BBA8DF38D585C300
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: f117e100b09410e0a1919b0bd5c4200c13b1afd9900784983f740f603c94a894
                      • Instruction ID: 7ab83fd88ab74bbae70ef3993409fda5dc3e65bfa7e9e6a8ed75dd90801d144f
                      • Opcode Fuzzy Hash: f117e100b09410e0a1919b0bd5c4200c13b1afd9900784983f740f603c94a894
                      • Instruction Fuzzy Hash: 9261AB61B0A78751FF709B14A5207B96361FF45B94F449231EBBD0B6EEDE2CE0558B00
                      APIs
                      • GetModuleFileNameW.KERNEL32(?,00007FFDFB604FB9,?,?,?,?,00007FFDFB602E09,?,?,?,?,00007FFDFB6013A1), ref: 00007FFDFB6047ED
                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFDFB60203C), ref: 00007FFDFB60480F
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: CurrentDirectoryFileModuleName
                      • String ID:
                      • API String ID: 3981628254-0
                      • Opcode ID: f1b0872ea2d59bf33b17546a330973ff1834ffd44612060ebb7ed0de1d25a9d1
                      • Instruction ID: a40d9af6146bd837de8f7cd9b4a7258fb2d314259bb937fd5b6a439046e95fdf
                      • Opcode Fuzzy Hash: f1b0872ea2d59bf33b17546a330973ff1834ffd44612060ebb7ed0de1d25a9d1
                      • Instruction Fuzzy Hash: CA716F32B0AB4282EB509F16D8A05697364FB85FC4B598532DAAD0B7F9DF3CD891C340
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: d51f63c508b1c6f47152e6513895ae8384bcd36d7e021995f60aa0b87e8b8d1b
                      • Instruction ID: ddfdf9118ad2dd5d04dd94bd05344114c7ed937b88c4b32af221cb48cee900bb
                      • Opcode Fuzzy Hash: d51f63c508b1c6f47152e6513895ae8384bcd36d7e021995f60aa0b87e8b8d1b
                      • Instruction Fuzzy Hash: 4741B322719B8681DB048F25E45476D7361FB8ABC4F149131EBAD0B7A9DF7CE4918300
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 73155330-0
                      • Opcode ID: c6d4f628b08a21704d5fcb098e5f0cf7210ce84c82b8fb47dc30fe333833a882
                      • Instruction ID: 277c79dfd21bfa3565f9f3f8b70a016c64e93c50a6e21ccba45390df77082846
                      • Opcode Fuzzy Hash: c6d4f628b08a21704d5fcb098e5f0cf7210ce84c82b8fb47dc30fe333833a882
                      • Instruction Fuzzy Hash: CF319821B1B74385EB249F52A5506B96260EB067F4F6D0B30DABD1F7EADE7CE4518300
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: FormatFreeInfoLocalLocaleMessage
                      • String ID: error
                      • API String ID: 334183667-1574812785
                      • Opcode ID: 462e93a2a7ea56a182f9dae578cb09aebdbf4b1920f62f982d4549374f346732
                      • Instruction ID: 1f12b518051727f6ebfca732a0dab5e63d6800b0c0c2413e39ab562607cc692d
                      • Opcode Fuzzy Hash: 462e93a2a7ea56a182f9dae578cb09aebdbf4b1920f62f982d4549374f346732
                      • Instruction Fuzzy Hash: 1F01E52260974281D7108F25E450329B7A0EB95BD8F088135EA9D0F7ADDF3CD590CB00
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: CreateDirectoryErrorLast
                      • String ID:
                      • API String ID: 1375471231-0
                      • Opcode ID: 757ce9c9e08d4847cf2f9e5cc3410e908989f10ec60d5e69d6bf4818a7408166
                      • Instruction ID: 7c898516e21fde4a6cb06fc72f3d1ea3657bc2b0b95fb1668daf5a71452ffada
                      • Opcode Fuzzy Hash: 757ce9c9e08d4847cf2f9e5cc3410e908989f10ec60d5e69d6bf4818a7408166
                      • Instruction Fuzzy Hash: 2D01A72170C68386EB105769F450B29A791DBD47D4F544035D9694A7E9DF7CC844CF00
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: ErrorExitLastThread
                      • String ID:
                      • API String ID: 1611280651-0
                      • Opcode ID: 17418eb81ec3f01867f5d5f14eefeeead7987301525fe47a36211ace609e8039
                      • Instruction ID: c2c36534a4a12962118af3c7a1787beeeb0c538395e7a94b3b31144f9263b266
                      • Opcode Fuzzy Hash: 17418eb81ec3f01867f5d5f14eefeeead7987301525fe47a36211ace609e8039
                      • Instruction Fuzzy Hash: 41F03026F1BA4346EF14AB71943597D12A4AF58B45F18D434E93A4F3FADF2CE8448340
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: ErrorLastsend
                      • String ID:
                      • API String ID: 1802528911-0
                      • Opcode ID: f3e46029d5772f344bcda0da26d45a1d25a26c566ccafb9aacb14fb370f76f93
                      • Instruction ID: 650b026ca00600be98795aa3904189cd69db5ce757dbcc34768c4dcebd783bfe
                      • Opcode Fuzzy Hash: f3e46029d5772f344bcda0da26d45a1d25a26c566ccafb9aacb14fb370f76f93
                      • Instruction Fuzzy Hash: 7EF015A2F0A40781EB645775A864C3922949B59B35F6C5330EA3D8A7F4DF2C98D58200
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: closesocketshutdown
                      • String ID:
                      • API String ID: 572888783-0
                      • Opcode ID: 2ff24bd5920609b28a39566270504161875c5185a9e5713c51adad6fe44eae40
                      • Instruction ID: 4c0ee6748f804494d83117ee69cba3b015d046cfc86bd4b8fcddcf986a10fa59
                      • Opcode Fuzzy Hash: 2ff24bd5920609b28a39566270504161875c5185a9e5713c51adad6fe44eae40
                      • Instruction Fuzzy Hash: A5F0AC66B0590981DF109F66D8A56282364E799F74F549321DA3D4B3F4CF2CC89A8711
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Concurrency::cancel_current_task
                      • String ID:
                      • API String ID: 118556049-0
                      • Opcode ID: 2580385b278e020394163aac2d1191409e56aaf6b6bf7d391eac677159168c8f
                      • Instruction ID: f94a82b77501c3e12851541bcdc71246bc0677720831d4c13f08f05213a8df0f
                      • Opcode Fuzzy Hash: 2580385b278e020394163aac2d1191409e56aaf6b6bf7d391eac677159168c8f
                      • Instruction Fuzzy Hash: 99E0BD40F1B60B86FB2822A229268B801849F093B0E2C1B309D3E4D2EBAD1CA4968124
                      APIs
                      • RtlFreeHeap.NTDLL(?,?,07A1D02583480000,00007FFDFB69847E,?,?,?,00007FFDFB6987FB,?,?,00000000,00007FFDFB69792D,?,?,00007FFDFB68C2FE,00007FFDFB69785F), ref: 00007FFDFB68F166
                      • GetLastError.KERNEL32(?,?,07A1D02583480000,00007FFDFB69847E,?,?,?,00007FFDFB6987FB,?,?,00000000,00007FFDFB69792D,?,?,00007FFDFB68C2FE,00007FFDFB69785F), ref: 00007FFDFB68F170
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: ErrorFreeHeapLast
                      • String ID:
                      • API String ID: 485612231-0
                      • Opcode ID: f11037f5edfbf42a9deee101c04b3b61a4e096c9f67bd90de0004014c67794f1
                      • Instruction ID: 842c47199e582c78d85f6153d13ed98fd5e570b0cf43ca5a34fbef823f88ad42
                      • Opcode Fuzzy Hash: f11037f5edfbf42a9deee101c04b3b61a4e096c9f67bd90de0004014c67794f1
                      • Instruction Fuzzy Hash: 89E08660F1BA0346FF156BF19C7483512515F48B40B448834D93D5F2F9DF2CE8458210
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Xtime_get_ticksgetsockoptselect
                      • String ID:
                      • API String ID: 1005471539-0
                      • Opcode ID: 0d19c897b4ba49168a14ea28512a1af9b5bd5a11909fdbc67f7435003416c13b
                      • Instruction ID: 67f8a06c1cc31f5e3a9274d4a5208afa35ce09d0f2fb30b7dbeefbfe97d6ec36
                      • Opcode Fuzzy Hash: 0d19c897b4ba49168a14ea28512a1af9b5bd5a11909fdbc67f7435003416c13b
                      • Instruction Fuzzy Hash: 8B617162B0A78382FF649B25E9605A963A1FB45BC4F444136CEAD4BBE9DF3CE551C300
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: bb0296bee2c423671b67c711bb50c3c51c975d5a4596ff2d0be9e26b6d1aa91c
                      • Instruction ID: efdc5a9045605bb94380d73bfda7def8aee3f6f67d81c3d65573d678ac422cfd
                      • Opcode Fuzzy Hash: bb0296bee2c423671b67c711bb50c3c51c975d5a4596ff2d0be9e26b6d1aa91c
                      • Instruction Fuzzy Hash: FD41A5B6B0A64682DB549B16D05067D37A0FB4DBD0F588631DBAD077E8DF78D492C700
                      APIs
                      Similarity
                      • API ID: __std_fs_directory_iterator_open
                      • String ID:
                      • API String ID: 4007087469-0
                      • Opcode ID: 3e70b05b9e45052def08f7674481f97674654eb7707a456d048aa7bb23f37626
                      • Instruction ID: ff3721b7feff17dc00069f152653684ea170ce262c2c4b37757c18b826b2ac72
                      • Opcode Fuzzy Hash: 3e70b05b9e45052def08f7674481f97674654eb7707a456d048aa7bb23f37626
                      • Instruction Fuzzy Hash: 6941D726B1A60341FB648A16E4B0B7D1290EF9A7D4F5C8135D9BF8B6EDDD3CE9418700
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: e1cd14a13005fc96928d26870f00520be21b7431fcab899014090829d16f7556
                      • Instruction ID: fad6d55e9e92c5c310379ecf2e1d664f111832a149af561794fa69cdecf806b8
                      • Opcode Fuzzy Hash: e1cd14a13005fc96928d26870f00520be21b7431fcab899014090829d16f7556
                      • Instruction Fuzzy Hash: 86215E22716A4681EB15DF66D06077C63A0FB89FC8F188535DE9E0B7ADCE38D8518340
                      APIs
                      Similarity
                      • API ID: Unwind
                      • String ID:
                      • API String ID: 3419175465-0
                      • Opcode ID: b8ff46583accbce3905757664e7e3a7c093d0a25e9bb5b7fa43e3e971774cc07
                      • Instruction ID: 63ddb22ea72b17fb9c9f111596f9b3b0113aa32fd80c6c3a17596b159e3cf782
                      • Opcode Fuzzy Hash: b8ff46583accbce3905757664e7e3a7c093d0a25e9bb5b7fa43e3e971774cc07
                      • Instruction Fuzzy Hash: 1731D727A15F848AE740CF68E5512AC37B4F798B48F15A215DF8C16726EF35E1A5C340
                      APIs
                        • Part of subcall function 00007FFDFB673D60: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FFDFB658054,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00007FFDFB673D70
                      • WSAStartup.WS2_32 ref: 00007FFDFB636963
                      Similarity
                      • API ID: AcquireExclusiveLockStartup
                      • String ID:
                      • API String ID: 2099235001-0
                      • Opcode ID: 88d748167582de356a28182cb4cea580d1f3321c7efc9fbc1cbf8e7f2d389bbb
                      • Instruction ID: 683529a69f990dd942f0d7e4ac186e74c482f1cd1eab126912bc3eaec7b89913
                      • Opcode Fuzzy Hash: 88d748167582de356a28182cb4cea580d1f3321c7efc9fbc1cbf8e7f2d389bbb
                      • Instruction Fuzzy Hash: 4531EE22E1AB8382F710DB10D9617B82720FBE9714F566336DABD063F5DF68A5D18300
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: 482ce59d7e8c258f1327ccc8b09f5aec7ad2a54863282383d8443bd07c7a2b6b
                      • Instruction ID: a7f370a7eb9ad25f0bbdbc5d29f4c218dac1ae03e04d563cc76f1e4a7bd50d46
                      • Opcode Fuzzy Hash: 482ce59d7e8c258f1327ccc8b09f5aec7ad2a54863282383d8443bd07c7a2b6b
                      • Instruction Fuzzy Hash: E1119172B11A8A82EB54AF2AD49473D2351EB46F98F1C8031CA6D0F7E9CF2CC8818740
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: b3a4cf01d8e3b0bbd9f93e6e1181de7a736276568b9d6cf326aa00229b550730
                      • Instruction ID: 3fb70c5a580a5f659d655c43e29fea2c13e40aba44ca05ad37e8a0640a0f5518
                      • Opcode Fuzzy Hash: b3a4cf01d8e3b0bbd9f93e6e1181de7a736276568b9d6cf326aa00229b550730
                      • Instruction Fuzzy Hash: D101E9A2B1964341EF10DB15E45127E6361EB8ABE4F185332EBBD0B7EDEE2CD0C18600
                      APIs
                      Similarity
                      • API ID: Cpp_errorThrow_std::_
                      • String ID:
                      • API String ID: 2134207285-0
                      • Opcode ID: fff385fa39524c2d2563ba7ec1d471bf166fab1a67f7869e259a0ccbfe3ed554
                      • Instruction ID: e2d712f0120ea9acddea84100d1eeb1609b5764e10812a63284d5010ee2c5e48
                      • Opcode Fuzzy Hash: fff385fa39524c2d2563ba7ec1d471bf166fab1a67f7869e259a0ccbfe3ed554
                      • Instruction Fuzzy Hash: 46018461A1AB4282E701DB61E061BB66290FF98384F489134FAAE0A3E9DF3CD1558B00
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: ccdc006c7259c2f4ffcc47a8514a4352897b42faacfe0ab8532af73d0d23ac09
                      • Instruction ID: dc08e0b2c091734460ba08895b29730e54e560c65b963fddf939e9f487cfd87a
                      • Opcode Fuzzy Hash: ccdc006c7259c2f4ffcc47a8514a4352897b42faacfe0ab8532af73d0d23ac09
                      • Instruction Fuzzy Hash: DDF082A1B1268691EF089B29D09577C23A1EB09FC8F689031CB6D4A6ADDF6DD9D1C340
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: a873d3e6ffc528d8c2f8a5a0f89adec08bdcbb6ee6f3ff6513724ac88ae8373e
                      • Instruction ID: 291499378a2daf9aa27ea1d155660ea0d05e90cf0df7fd5171886c1b354af5f0
                      • Opcode Fuzzy Hash: a873d3e6ffc528d8c2f8a5a0f89adec08bdcbb6ee6f3ff6513724ac88ae8373e
                      • Instruction Fuzzy Hash: B6F0A051B5A50782EE14976A94A57BC12419F8ABF4F684331DA7D0E3EACD1CA0C29304
                      APIs
                      Similarity
                      • API ID: getaddrinfohtonsinet_pton
                      • String ID:
                      • API String ID: 885370656-0
                      • Opcode ID: 675e6b29f07a634f173ce4ed76fad9e3ff1f631715f922197fbe8067e59944f3
                      • Instruction ID: daed3a8507a2e4b65e455e3cfb548d2fff2a18ceed887647f05c77fbbc666771
                      • Opcode Fuzzy Hash: 675e6b29f07a634f173ce4ed76fad9e3ff1f631715f922197fbe8067e59944f3
                      • Instruction Fuzzy Hash: 94F08656B1D69241FB209B16B86167AA370FF8CB89F044132FE9D4B7A9DE3CC4418B44
                      APIs
                      Similarity
                      • API ID: htons
                      • String ID:
                      • API String ID: 4207154920-0
                      • Opcode ID: 68e015f56d0d515fe3b16cf67434ce09b7f2f23037adfaa1b3f2e0eccb9a7a39
                      • Instruction ID: 68089296a1b2a567bb98818b46fd832dbe597d0fb991d99018210def3e96be5b
                      • Opcode Fuzzy Hash: 68e015f56d0d515fe3b16cf67434ce09b7f2f23037adfaa1b3f2e0eccb9a7a39
                      • Instruction Fuzzy Hash: CDF08666B1969582EB109B26F46576AB360FF8CB89F004132FA8D4B799DF3CC441CB44
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-0
                      • Opcode ID: 681bac6248219897df9d84beb0d65650723fa7027b7ad84f42809d3d983647d3
                      • Instruction ID: ad690ab76139f88b2f5095c326bd8c7c1feb000ade30d566c242eedd7a4f3674
                      • Opcode Fuzzy Hash: 681bac6248219897df9d84beb0d65650723fa7027b7ad84f42809d3d983647d3
                      • Instruction Fuzzy Hash: FEE01261F0B90386FB106B908461BBD12505F44724F90D434DA2C4F2EFCE6EE5466771
                      APIs
                      • CreateThread.KERNELBASE ref: 00007FFDFB608276
                        • Part of subcall function 00007FFDFB683854: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFDFB68A80C), ref: 00007FFDFB6838D8
                      Similarity
                      • API ID: ConsoleCreateCtrlHandlerThread
                      • String ID:
                      • API String ID: 4150460699-0
                      • Opcode ID: 2e3714b9488ae62c7fe38ac2feb3e2868cd5c09b0a238fcad1db31fdf8a4d57a
                      • Instruction ID: 31a5bd9abf27b8cc827ff74cf6ef54b09b6296a62138c2a57e7e62cab3104549
                      • Opcode Fuzzy Hash: 2e3714b9488ae62c7fe38ac2feb3e2868cd5c09b0a238fcad1db31fdf8a4d57a
                      • Instruction Fuzzy Hash: ADE04F60F0AE4391EB14DB11A826BA57394BF88384FC8803AC5AD0A2F8DF3CD209C740
                      APIs
                      Similarity
                      • API ID: CreateThread
                      • String ID:
                      • API String ID: 2422867632-0
                      • Opcode ID: 6963fcda02c1b1e02f4fd61dab9834b1fe81f6c4201c8230bdf58792cfaa221d
                      • Instruction ID: 9514d95a112fb8406d18faefa7230c09482e01e0f560ecbbf70617da0498bbae
                      • Opcode Fuzzy Hash: 6963fcda02c1b1e02f4fd61dab9834b1fe81f6c4201c8230bdf58792cfaa221d
                      • Instruction Fuzzy Hash: 27E0EC32F0AF4282E7148B31BC2196632A5BB88754B144336D9AD867B8EF3C91518600
                      APIs
                      Similarity
                      • API ID: CloseFind
                      • String ID:
                      • API String ID: 1863332320-0
                      • Opcode ID: ac43dd58bc682948c35146ec3914bd8b1b9b9f8f5cc3ff0fde307912eb9bfecb
                      • Instruction ID: f33c5d7edcc83bacc2f76427c0da7d2d7ca84c897d768bcbb9bb702f46a4b7fa
                      • Opcode Fuzzy Hash: ac43dd58bc682948c35146ec3914bd8b1b9b9f8f5cc3ff0fde307912eb9bfecb
                      • Instruction Fuzzy Hash: 6BC08C24F0B40382EBA83B351CB5C301590DF12738FB40734D63C4C4FAAD1CA4D68121
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: FileFindNext
                      • String ID:
                      • API String ID: 2029273394-0
                      • Opcode ID: 1c4175096d54c4dc926e5d01b109e57cb083de561e3d50d74dca1b3961808497
                      • Instruction ID: 93d684327bc8c9e5b3ca28d1a19c78bdddc7b3ae012fca8262ac93276b68d8eb
                      • Opcode Fuzzy Hash: 1c4175096d54c4dc926e5d01b109e57cb083de561e3d50d74dca1b3961808497
                      • Instruction Fuzzy Hash: E2C04C14F1B503C9EF542B665C925251594AB55B49F904034C1398D1A4DD1C95E7CA21
                      APIs
                      • HeapAlloc.KERNEL32(?,?,00000000,00007FFDFB68D74A,?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000), ref: 00007FFDFB68F1E1
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: AllocHeap
                      • String ID:
                      • API String ID: 4292702814-0
                      • Opcode ID: f64346e72675fa8aad3f9e120cb5e669997a02d7599356c5ffd5529e6dc6746f
                      • Instruction ID: 11e00e4def92da925efd74cc7e8e49c29e52677fc4cae7afa52e83d93873ed54
                      • Opcode Fuzzy Hash: f64346e72675fa8aad3f9e120cb5e669997a02d7599356c5ffd5529e6dc6746f
                      • Instruction Fuzzy Hash: 6EF06D70B0BA0341FF5A5B61D870AB513955F89B80F0C9834CD6E8E7F9DE2CE5858220
                      APIs
                      • HeapAlloc.KERNEL32(?,?,?,00007FFDFB695AE1,?,?,00000000,00007FFDFB697537,?,?,?,00007FFDFB68C027,?,?,?,00007FFDFB68BF1D), ref: 00007FFDFB692A6E
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: AllocHeap
                      • String ID:
                      • API String ID: 4292702814-0
                      • Opcode ID: d9c19b20f6bc403a7affa7417bac8794d25fd13905217543c5607bb5ec217786
                      • Instruction ID: 2345d55a3a6b23c763e9757cb745ff43ed84e9a07eb26bcfb500878a35a95208
                      • Opcode Fuzzy Hash: d9c19b20f6bc403a7affa7417bac8794d25fd13905217543c5607bb5ec217786
                      • Instruction Fuzzy Hash: CFF0FE92F0B64745FF6877615861A7521845F447A8F085A34DD3E8E2F9DE2CE4415224
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Name::operator+
                      • String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
                      • API String ID: 2943138195-2884338863
                      • Opcode ID: 960fc956296f137f6efaad2bc03ebe0093a768204d11612e8ec5e73ebe96abf4
                      • Instruction ID: 7202fb82b1b0995a675e46011e210d3ab82eea40753417bf52efb002974c940c
                      • Opcode Fuzzy Hash: 960fc956296f137f6efaad2bc03ebe0093a768204d11612e8ec5e73ebe96abf4
                      • Instruction Fuzzy Hash: 20A27272B2978396E710DB14F4A09AEB7A0FB84344F641035EA998BAEDDF7CD544CB40
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Name::operator+
                      • String ID: && $const $volatile
                      • API String ID: 2943138195-2785535105
                      • Opcode ID: 963915be2bf3a9ec657c5b3728676a4033c95082d2efe9328b97ef3b1314b07c
                      • Instruction ID: 6a7d908b06820be67df1af692932b599d8ff2254f183144d1cad60fdedff416a
                      • Opcode Fuzzy Hash: 963915be2bf3a9ec657c5b3728676a4033c95082d2efe9328b97ef3b1314b07c
                      • Instruction Fuzzy Hash: 80625276B19B8385E720CB14E4A05ADB7A0FB88784F645136EA9D4BAEDDF3CD544CB00
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Handle$CloseConcurrency::cancel_current_taskFileInformation__std_fs_open_handle
                      • String ID: $ $ $ $exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                      • API String ID: 3306587042-2910608515
                      • Opcode ID: bd9c39b21e110216a2712acc8f261fb5a4c078b0c837f5ec32435def3da59bf1
                      • Instruction ID: c716eb28b5f1161ce91a1eca7c1bfe80eb64ed579c97388676df93a9ac008e7d
                      • Opcode Fuzzy Hash: bd9c39b21e110216a2712acc8f261fb5a4c078b0c837f5ec32435def3da59bf1
                      • Instruction Fuzzy Hash: C392B322B1AA8285EB208F25D4607FD6361FB85798F545231EAAD4BBEDDF3CD581C700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_convert_wide_to_narrow$__std_fs_code_page$Concurrency::cancel_current_task
                      • String ID: "
                      • API String ID: 3550869863-123907689
                      • Opcode ID: 233daeabd1cd8c1018619fb52947abdea5615b9b39a6af41623cdf1516a90b68
                      • Instruction ID: 87793c7f1f19999f5ca060b0318ef0c6af90e5fecf76b34ca1cb594975703056
                      • Opcode Fuzzy Hash: 233daeabd1cd8c1018619fb52947abdea5615b9b39a6af41623cdf1516a90b68
                      • Instruction Fuzzy Hash: D1527272B1AAC641EB209B16E4607EAA751FB8A7D4F545231DAED0BAEDDF3CD041C700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                      • API String ID: 808467561-2761157908
                      • Opcode ID: 4c74ba6f1e82afe78f0777f859f0492d91bf5cd1da6bd2d05ca870d785e406f4
                      • Instruction ID: d4fa4d8f2ed5b54f993e833444a5b16361f42cc6398fd9b64c5af21295816b2b
                      • Opcode Fuzzy Hash: 4c74ba6f1e82afe78f0777f859f0492d91bf5cd1da6bd2d05ca870d785e406f4
                      • Instruction Fuzzy Hash: 02B2C576B1A2878BE7248E64D460BFD37A1FB4874CF545135DA2D5BAECDB38A900CB40
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: /$AES$CBC$DHC$HMAC($unknown
                      • API String ID: 3668304517-2398975054
                      • Opcode ID: de3f59454ef7c93f2774429c72d0e42d2c1bfbde8c1ae50c8f05b541a39c93da
                      • Instruction ID: af6d0b667975a4190f03b3baaa07987b10f4efbaab63785921dfb8f42b64dfc7
                      • Opcode Fuzzy Hash: de3f59454ef7c93f2774429c72d0e42d2c1bfbde8c1ae50c8f05b541a39c93da
                      • Instruction Fuzzy Hash: 6CD18562F19B8685EB00CB24E4517AD7361FB95794F109321EAAC0BBEADF7CD181C740
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID: AMDi$Auth$Cent$Genu$Hygo$VIA2$auls$aurH$cAMD$enti$ineI$nGen$ntel$sbet$ter!$uine
                      • API String ID: 0-2699536740
                      • Opcode ID: 3b72357e12d661d4ddf3bf7e98ce3c41f974fa0f157da889232cb4ddb76a246d
                      • Instruction ID: 54fcf822ace00e6ae42c8fc535029352cd77c3323928aea9c409b4537b352154
                      • Opcode Fuzzy Hash: 3b72357e12d661d4ddf3bf7e98ce3c41f974fa0f157da889232cb4ddb76a246d
                      • Instruction Fuzzy Hash: 31A1D222F1E2934EF71887759821ABD2BB26F25344F58403BD8A99E7FACE1CB541C311
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskEntryInterlockedListNamePush__un
                      • String ID: #$', stored '$', trying to retrieve '$NameValuePairs: type mismatch for '$SubgroupGenerator
                      • API String ID: 1741147312-2170633926
                      • Opcode ID: 5320fef91ff1fe629345609f8603af62de21104dcf472f51f2d52004c03f4725
                      • Instruction ID: 0517f34af73bdc778764bc125459ea08bc57839adb02fa4ba75dd2ef67d32f88
                      • Opcode Fuzzy Hash: 5320fef91ff1fe629345609f8603af62de21104dcf472f51f2d52004c03f4725
                      • Instruction Fuzzy Hash: 7EE19362F19B8685FB00CB64D8507AD6761FB99794F509331EEAC1A7EADF78E184C300
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task_invalid_parameter_noinfo
                      • String ID: gfffffff$gfffffff
                      • API String ID: 4144643359-161084747
                      • Opcode ID: 6152d5daaabe515bbe2c925a5567c5577517ace25716d1a51408f83415d9d61d
                      • Instruction ID: 1e96c92d64ac4023ef76a67899b4bdb62ba8242d56e2094e60f8ff04f1f822ef
                      • Opcode Fuzzy Hash: 6152d5daaabe515bbe2c925a5567c5577517ace25716d1a51408f83415d9d61d
                      • Instruction Fuzzy Hash: 46B28C72B15A868AEB10CF26D5646ED6762FB85BC8F044132DA5E4FBADDF38E544C300
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: ExceptionFileHeaderRaise
                      • String ID: BitLength$EquivalentTo$Integer: Min must be no greater than Max$Integer: invalid EquivalentTo and/or Mod argument$Integer: invalid RandomNumberType argument$Integer: missing Max argument$Max$Min$Mod$PointerToPrimeSelector$RandomNumberType$Seed
                      • API String ID: 2573137834-484113829
                      • Opcode ID: b2739d95b21fca1f4215a032039f21fd4c22d5711a200a054858df05db96091d
                      • Instruction ID: c827d2d9a080eed5b1e57035d189eb0d0437f62b60e069e18c4ad6e6da9e08c1
                      • Opcode Fuzzy Hash: b2739d95b21fca1f4215a032039f21fd4c22d5711a200a054858df05db96091d
                      • Instruction Fuzzy Hash: E7E27D72B0AA8785EB60CF65C460BE923A1FB85798F545132DA2D4BBEDDF38D645C300
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: $
                      • API String ID: 3668304517-227171996
                      • Opcode ID: e6a12e82bb29877c1af8846ed27c1c05fba44faf1b73e8ced408a70cc7c6782b
                      • Instruction ID: 5f877cbeefba0387132292e328190a19b6dffc605d051db9478a6cd824ba4d33
                      • Opcode Fuzzy Hash: e6a12e82bb29877c1af8846ed27c1c05fba44faf1b73e8ced408a70cc7c6782b
                      • Instruction Fuzzy Hash: 12320362B1AB8285EB10CB64D464BBD6361FB85794F584235EAAD4BBEDDF3CD481C300
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID: :::$[{}]:{}${:x}${}.{}.{}.{}:{}
                      • API String ID: 0-2927033935
                      • Opcode ID: d08cdd1ccda687c2c3afedb5d2e9a313da8b6d5a66edc85ca7bf703770bd7577
                      • Instruction ID: efa36dca214c4d000c2ac7854c62e7f066c2ff73b398eb2bdfa2c210cea04fb0
                      • Opcode Fuzzy Hash: d08cdd1ccda687c2c3afedb5d2e9a313da8b6d5a66edc85ca7bf703770bd7577
                      • Instruction Fuzzy Hash: ED32F122B1A79299FB11CB719420BAD37A0FB45788F104236EEAD1BBE9DB3DD541C300
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Cpp_errorThrow_std::_$CurrentInfoNativeSystemThreadXtime_get_ticks_invalid_parameter_noinfo_noreturn
                      • String ID: Divisor is zero; invalid parameters for PoW.
                      • API String ID: 1900549356-3674321665
                      • Opcode ID: 242d1100e05bd6c9e254b7558ee42e158a53b5af51712946743ab1daa085a446
                      • Instruction ID: 485207eabda20a54c65491218d6007ebbfa79a1b088b1dba1f6f759db026c216
                      • Opcode Fuzzy Hash: 242d1100e05bd6c9e254b7558ee42e158a53b5af51712946743ab1daa085a446
                      • Instruction Fuzzy Hash: EEB1D422B0AB8681FB018B28D9146E967A0FF45794F549231EE6C1B7E9EF3CE5C1C700
                      APIs
                        • Part of subcall function 00007FFDFB6060A0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFB6061E8
                        • Part of subcall function 00007FFDFB6060A0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6061EE
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB622466
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB62246C
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                      • String ID: inv$object$pong
                      • API String ID: 3936042273-4231517554
                      • Opcode ID: 87a6493ee3d1886c5dc275717d76ed95bfdc28a9e973ca4cd1a4cb2671b59c1f
                      • Instruction ID: 7a12868d67acb8f8ae5992e90191fe81f23e0cf2fbc4ff2df6f446b971131162
                      • Opcode Fuzzy Hash: 87a6493ee3d1886c5dc275717d76ed95bfdc28a9e973ca4cd1a4cb2671b59c1f
                      • Instruction Fuzzy Hash: 3662E262B1E6C282EB10DB65E4505AEA760FB987D4F544235EAEE0BBEDDF2CD045C700
                      APIs
                      Strings
                      Similarity
                      • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                      • String ID: utf8
                      • API String ID: 3069159798-905460609
                      • Opcode ID: 49ded6ac914bdd7bbad0fbaa8655bda7fb920357ca3513ee042515aebd278f70
                      • Instruction ID: 471cad388bd14b643ad9ced33aecfab72e7ccf713387892b0921cb939d31e00e
                      • Opcode Fuzzy Hash: 49ded6ac914bdd7bbad0fbaa8655bda7fb920357ca3513ee042515aebd278f70
                      • Instruction Fuzzy Hash: A9919D32B0A74385EB249F21D461AB923A4EF44B88F448135DA6C4F7EAEF3DE955C700
                      APIs
                      Similarity
                      • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                      • String ID:
                      • API String ID: 2591520935-0
                      • Opcode ID: 6bd6ae66028dacdd368c07ed33241e7c999addca86feab7801735da85c82ba6b
                      • Instruction ID: 69bba4acd4d9dde50d92effa10751ca9ce1be094de9cca9957f9f5589fbca1ee
                      • Opcode Fuzzy Hash: 6bd6ae66028dacdd368c07ed33241e7c999addca86feab7801735da85c82ba6b
                      • Instruction Fuzzy Hash: D4716922B0A60389FF509B64D860ABD77B4AF48B4CF448435CA2D4B6E9EF3DE845C351
                      APIs
                      Similarity
                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                      • String ID:
                      • API String ID: 3140674995-0
                      • Opcode ID: fce3fad4e658a5f31667ce0b9cef0c56bdd04b7ff759e0a301e8b793741a1bfc
                      • Instruction ID: 4702e287954a650d127f1b795b81a7d181d0c871017a4621ddfe8fc492859b7d
                      • Opcode Fuzzy Hash: fce3fad4e658a5f31667ce0b9cef0c56bdd04b7ff759e0a301e8b793741a1bfc
                      • Instruction Fuzzy Hash: 96314F76705B8286EB609F60E8A4BE97364FB84748F44403ADB5D4BBA8DF3CD548C710
                      APIs
                      Similarity
                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                      • String ID:
                      • API String ID: 1239891234-0
                      • Opcode ID: 030991f1092f9a0d968cfc55bded795b95ac8ca4e2dc8021679d52bb4764a83a
                      • Instruction ID: 4205ae99c7797de4dfb313a5bae0cf15e49b7f4f684686ccd343dfb1e0880446
                      • Opcode Fuzzy Hash: 030991f1092f9a0d968cfc55bded795b95ac8ca4e2dc8021679d52bb4764a83a
                      • Instruction Fuzzy Hash: B5316536705F8285DB60CF25E8606AD73A4FB88754F540135EAAD4BBA9DF3CD145CB00
                      APIs
                      Strings
                      Similarity
                      • API ID: ErrorLast$CryptExceptionFileHeaderRaiseRandom
                      • String ID: BCryptGenRandom$GenerateBlock size
                      • API String ID: 1032801275-1797140735
                      • Opcode ID: 5875973860635c51ffda38f039c4b02d66f6b4236ce161c1de35bf49ab93f856
                      • Instruction ID: 69b3cd8e2ddedaaf318ddc776282444394906e0e04f100c114aad67608ca0816
                      • Opcode Fuzzy Hash: 5875973860635c51ffda38f039c4b02d66f6b4236ce161c1de35bf49ab93f856
                      • Instruction Fuzzy Hash: 7F317C21B0AA4796EB109B15F874AB96321FF81784F444032D96D8E6FEDF2CE945C700
                      Strings
                      Similarity
                      • API ID:
                      • String ID: p$p
                      • API String ID: 0-173875672
                      • Opcode ID: cd64c5e4d9a9cf0c74d2fbd58e5014e1ea2173474dcac39114749083e4c75a3d
                      • Instruction ID: 95b77d02d268ae85529c11cb34277800d8a5ddd01265deac042c97c68bf33d81
                      • Opcode Fuzzy Hash: cd64c5e4d9a9cf0c74d2fbd58e5014e1ea2173474dcac39114749083e4c75a3d
                      • Instruction Fuzzy Hash: A882BF76B0968286EB14CF25D2A06BD67A1FB89784F184035DE5E4BBEDDF38E461C700
                      Strings
                      • DB7C2ABF62E35E668076BEAD208B, xrefs: 00007FFDFB640B41
                      • FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFC, xrefs: 00007FFDFB640B43
                      • 28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93, xrefs: 00007FFDFB640B45
                      • FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF, xrefs: 00007FFDFB640B47
                      Similarity
                      • API ID: ExceptionFileHeaderRaise
                      • String ID: 28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93$DB7C2ABF62E35E668076BEAD208B$FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFC$FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF
                      • API String ID: 2573137834-3528890889
                      • Opcode ID: a9719ec63d65ca62ae8c162b1cae3d8e9a4fd1b00f96566775911fdc7cad6e22
                      • Instruction ID: c360f4e883f94c50797d4335e0118683f1f71dcdd657d49f5ed93ec22681b3b2
                      • Opcode Fuzzy Hash: a9719ec63d65ca62ae8c162b1cae3d8e9a4fd1b00f96566775911fdc7cad6e22
                      • Instruction Fuzzy Hash: 7353E2B6B00F5996EB44CFA9D45479C3379F308B88F894022DB4E63B68DB79C59AC341
                      APIs
                      Strings
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID: p
                      • API String ID: 73155330-2181537457
                      • Opcode ID: be077e50881402fba07bb951e6cde301b0c9b11d3884739358ee4c7bf07c7b46
                      • Instruction ID: eb0246ec811fdf4880b2e929d50cfd5c594eba1e4649d9007fc10fea0947d093
                      • Opcode Fuzzy Hash: be077e50881402fba07bb951e6cde301b0c9b11d3884739358ee4c7bf07c7b46
                      • Instruction Fuzzy Hash: 7532AF76B0968686EB14CF25D1A06AD67A1FB89BC4F184035DE6D4BBEDDF38E461C300
                      APIs
                        • Part of subcall function 00007FFDFB6060A0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFB6061E8
                        • Part of subcall function 00007FFDFB6060A0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6061EE
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB621F91
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB621F97
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                      • String ID: getdata
                      • API String ID: 3936042273-195123596
                      • Opcode ID: ce11896b2dfd3257eec0d544d8d1a4b40fa81ab3403027c8c24cc203dce7cb62
                      • Instruction ID: e4479d75b2e2b136ac545a1729a3e1cc1146ba0f58912d59fbb763b7020c5a13
                      • Opcode Fuzzy Hash: ce11896b2dfd3257eec0d544d8d1a4b40fa81ab3403027c8c24cc203dce7cb62
                      • Instruction Fuzzy Hash: C8E1F26271E6C682EB108B55E4605AEA760FB957D0F444236EAEE4BBEDCF3CD145CB00
                      APIs
                        • Part of subcall function 00007FFDFB6060A0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFB6061E8
                        • Part of subcall function 00007FFDFB6060A0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6061EE
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6228D1
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6228D7
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                      • String ID: object
                      • API String ID: 3936042273-2829954028
                      • Opcode ID: 929b9db25eee1d12021f6c90c1f73a74af58a9036d3898b9146332cf822e251a
                      • Instruction ID: f5bf8bb0a0ac91ead8d3b82ce3c00263ca6857b8de2bc3f4c2e124dc4e780004
                      • Opcode Fuzzy Hash: 929b9db25eee1d12021f6c90c1f73a74af58a9036d3898b9146332cf822e251a
                      • Instruction Fuzzy Hash: 39D1B26271EAC682EB10DB55E4605AEA760FB947C4F405136EADE0BBEDDF2CD145CB00
                      APIs
                        • Part of subcall function 00007FFDFB6060A0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFB6061E8
                        • Part of subcall function 00007FFDFB6060A0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6061EE
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6231CA
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6231D0
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                      • String ID: version
                      • API String ID: 3936042273-3206337475
                      • Opcode ID: 91f48cefcc0ec8405d58b09ab6a021c7e04db677e4be469a4a2e7b2216dc6a57
                      • Instruction ID: def06e49c2f62ae3de053b6b34204c60b4df1281366578d3615c5ecfe46f6e5f
                      • Opcode Fuzzy Hash: 91f48cefcc0ec8405d58b09ab6a021c7e04db677e4be469a4a2e7b2216dc6a57
                      • Instruction Fuzzy Hash: 2EA1BF6272A6C686EB10CB55E4505AEB760FB98BC4F405236FA9E0BAEDDF2CD145C700
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-0
                      • Opcode ID: 18be743803b70afbf5d5b59732c367e8040d209a2e43f9d66865871c5f48d42d
                      • Instruction ID: 1c5d7d5f3aee5958ab79eba88d37bed1272b98a5f498352cd19deb826ce9bbc9
                      • Opcode Fuzzy Hash: 18be743803b70afbf5d5b59732c367e8040d209a2e43f9d66865871c5f48d42d
                      • Instruction Fuzzy Hash: 5A129D72B0AA8385EF108F65D460ABD63A1FB84794F444132DA6D4BAEDDF3CE5A0C740
                      APIs
                      Similarity
                      • API ID: memcpy_s
                      • String ID:
                      • API String ID: 1502251526-0
                      • Opcode ID: 3a169fb333f111df0ae1304fb82a5a5346c1f6606d896419b7e9c4814cfa7d1e
                      • Instruction ID: c615ee6ec16dd0e503e26ca0b2459378e34504214493207c33021b862bc87e4b
                      • Opcode Fuzzy Hash: 3a169fb333f111df0ae1304fb82a5a5346c1f6606d896419b7e9c4814cfa7d1e
                      • Instruction Fuzzy Hash: FEC12A72B1BA8687D724CF15A154A6AB792FB84784F44C134DF5E4BBA8DB3CE801CB40
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-0
                      • Opcode ID: d8a4a4ab7e79f2d1b816014c4f045dfae84a1d5aefe3d1c0c73fa98dc4ad17b5
                      • Instruction ID: 1992f7cbc4d64a9a7584ae6dfddee15e0ee5e0b552c67261e9b6757e93a03da2
                      • Opcode Fuzzy Hash: d8a4a4ab7e79f2d1b816014c4f045dfae84a1d5aefe3d1c0c73fa98dc4ad17b5
                      • Instruction Fuzzy Hash: 77C10362B2ABA7C2EF119A659064BBE6294EF45BD4F044131DE2D0B7F9DF3CE6458300
                      APIs
                        • Part of subcall function 00007FFDFB6086E0: __std_fs_code_page.LIBCPMT ref: 00007FFDFB608703
                        • Part of subcall function 00007FFDFB6086E0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FFDFB608751
                        • Part of subcall function 00007FFDFB6086E0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FFDFB608789
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB632E5C
                      • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFB632E68
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB632E6E
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: __std_fs_convert_narrow_to_wide_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_fs_code_page
                      • String ID:
                      • API String ID: 1808005240-0
                      • Opcode ID: 4d9ca0b5403d51fdc7d70407bc8f7de383df0aea40f934cbddfa62846b388cc5
                      • Instruction ID: f027b884d03361a082ffe58f7d77f3be2df09965efb838d51ef47927d1c859d6
                      • Opcode Fuzzy Hash: 4d9ca0b5403d51fdc7d70407bc8f7de383df0aea40f934cbddfa62846b388cc5
                      • Instruction Fuzzy Hash: 5DB1B432B1A78785EB209F25D4A07A96391FB84798F544232EA6D4BBEDDF3CD541C700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-3916222277
                      • Opcode ID: b2087c9c81ba20577fea4acbab9454eb2222dcd41d04f0d3735005c3a56680a5
                      • Instruction ID: 2589003d786136a518f97b2e28f2433f3a53dfac2455c0df8aad5e89c9755d31
                      • Opcode Fuzzy Hash: b2087c9c81ba20577fea4acbab9454eb2222dcd41d04f0d3735005c3a56680a5
                      • Instruction Fuzzy Hash: FA525B767105A68BD310CF2A8464EBE37A4EB4D305B4D4212EBE98B7D5DA3CE611CB70
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: exists
                      • API String ID: 3668304517-2996790960
                      • Opcode ID: 5b508bbcc92ef3f7d56b9597b2ba3134f182e0b8bb81ccac500b527b525dd36b
                      • Instruction ID: 1910aede39404dd270e87161bfdedc3689ee8f606ca8049a43d37d040f5a3062
                      • Opcode Fuzzy Hash: 5b508bbcc92ef3f7d56b9597b2ba3134f182e0b8bb81ccac500b527b525dd36b
                      • Instruction Fuzzy Hash: 12128E32B09BC289EB208F25D8607E977A1FB45748F588135DA6D4BBE9DF38D585C700
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID: verack
                      • API String ID: 73155330-569966326
                      • Opcode ID: f97d579481b7b5d25855aebdcab9da45f5d28ec67d5a0081ff29610a448e22a2
                      • Instruction ID: 424bfe4278407af977e19cf78fe887adcce56bb2b2876f178c16e4ba4c909291
                      • Opcode Fuzzy Hash: f97d579481b7b5d25855aebdcab9da45f5d28ec67d5a0081ff29610a448e22a2
                      • Instruction Fuzzy Hash: 4781B17272AAC682EB10DB15E4505AEA760FB987C4F505136FADE0BBADDF2CD144CB40
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID: pong
                      • API String ID: 0-559432015
                      • Opcode ID: 8bebf32230d1c5fe46eb471e75ecad1c3cdd76d0ee4937883389b3b6fae79dd5
                      • Instruction ID: 25b5cecb03272bd5efc2dff7c64331485b64f3fcc890adb79f945db43c15da5d
                      • Opcode Fuzzy Hash: 8bebf32230d1c5fe46eb471e75ecad1c3cdd76d0ee4937883389b3b6fae79dd5
                      • Instruction Fuzzy Hash: 4B61B33272A6C686EB10DB55E4505AEA361FB897C4F405226FADE0BB9DCF3CD544CB40
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: InfoLocale
                      • String ID: GetLocaleInfoEx
                      • API String ID: 2299586839-2904428671
                      • Opcode ID: 58daed6010697032d07d9d84abc96063966c158098ea6bfbb4672780173c8ee4
                      • Instruction ID: 775ff739993115431288d2d9edb7abf6437a17b5dc1888e2af574d0bb542c7bc
                      • Opcode Fuzzy Hash: 58daed6010697032d07d9d84abc96063966c158098ea6bfbb4672780173c8ee4
                      • Instruction Fuzzy Hash: F801A721B09A4285EB409B56B4208AAB764FF89FD0F548435DE6D1B7FDCE3CD5458340
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7d3c123c898a904628d088db1ab54b11102033e3e331651c3f28599f52597cd3
                      • Instruction ID: 75ea5407fa729345a5ccafc0b5f21bedfce46b4fa5a6b3ddb3731424f06bb1f9
                      • Opcode Fuzzy Hash: 7d3c123c898a904628d088db1ab54b11102033e3e331651c3f28599f52597cd3
                      • Instruction Fuzzy Hash: 70F1EF73B0AA0286EB10CF65D8646ED2762FB84B88F054531DE2E6B7ADDF38E555C340
                      APIs
                        • Part of subcall function 00007FFDFB6060A0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFB6061E8
                        • Part of subcall function 00007FFDFB6060A0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB6061EE
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB634C3D
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB634C43
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                      • String ID:
                      • API String ID: 3936042273-0
                      • Opcode ID: adebdad0da50ad89550ab99704ad1c51c17a613daf0020265ca504455b19b573
                      • Instruction ID: 87b0dd106144026b48118e7d1c49453fefea24edb28cbff5e5bdf6312ec57263
                      • Opcode Fuzzy Hash: adebdad0da50ad89550ab99704ad1c51c17a613daf0020265ca504455b19b573
                      • Instruction Fuzzy Hash: B0D17F327197C286D7108B25E4607AEA761FB85784F585236EA9E4BBEDCF3CD485C700
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-0
                      • Opcode ID: f8c6d71691b88bc4147e555c6e5d1d04bd74c90452714550f26fa892231bd121
                      • Instruction ID: c677f170b73446d6c8099b5d87466e7e63f2edad5f58084f5bf679f336a762a4
                      • Opcode Fuzzy Hash: f8c6d71691b88bc4147e555c6e5d1d04bd74c90452714550f26fa892231bd121
                      • Instruction Fuzzy Hash: 90C1CBA2B0AA8394EB10DF65D560BFD33A1AB44B98F544535DA2D0B7EDDF38E641C380
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4a71ef8b6ea4b144a232c33d099812a9d805b836aa268b1de02a8452d96270b5
                      • Instruction ID: ffd650dc4d4ec7a7139358b317da55c7bbccc10bc6e2794ccd098cce4536c7bf
                      • Opcode Fuzzy Hash: 4a71ef8b6ea4b144a232c33d099812a9d805b836aa268b1de02a8452d96270b5
                      • Instruction Fuzzy Hash: 29B1C522F1A74289FB108B65D420BBC33A2AB55798F144735DE7C1ABEADF38E1D18340
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ExceptionRaise_clrfp
                      • String ID:
                      • API String ID: 15204871-0
                      • Opcode ID: cd9a1f9ad87af480bb8b06b9ac514f9e2f65f345fdffbf54b3f83fb453aed285
                      • Instruction ID: 5d577895b8b8df15d301ce0425c1ca503492c1c79c029d78d3acfe09ba07f855
                      • Opcode Fuzzy Hash: cd9a1f9ad87af480bb8b06b9ac514f9e2f65f345fdffbf54b3f83fb453aed285
                      • Instruction Fuzzy Hash: BEB15B73605B898BEB25CF29C85676C3BA0F744B4CF198925DA6D8B7B8CB39D451C700
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID: e+000$gfff
                      • API String ID: 0-3030954782
                      • Opcode ID: 80ea245ef8c248250bfbdf3d78d2f9bd8283e1c0b7d3643b362a300fede182c0
                      • Instruction ID: b7f07e8ae0cd3fe0886c64aa6f15a3cb81b92b58b4dae0509cfc2ad93f9014ac
                      • Opcode Fuzzy Hash: 80ea245ef8c248250bfbdf3d78d2f9bd8283e1c0b7d3643b362a300fede182c0
                      • Instruction Fuzzy Hash: 62516662B196C246E7248E35E921B697B91F744B98F08C231CBB84FBE9DF3DE4418700
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID: gfff
                      • API String ID: 0-1553575800
                      • Opcode ID: 9b0b4a276a3e04a97b3f6e9cfffecdb135cd72df040ae0495a0dcb73a670d90a
                      • Instruction ID: df42bea781a38e2fc003d3d729bd640f170a0b056c8dc69fe6e31747b3146d10
                      • Opcode Fuzzy Hash: 9b0b4a276a3e04a97b3f6e9cfffecdb135cd72df040ae0495a0dcb73a670d90a
                      • Instruction Fuzzy Hash: FF224662B0939A4ADB648F1AA460B7A7694F785BC4F105135CE9E4BBE9DF3CE441C700
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID: gfff
                      • API String ID: 0-1553575800
                      • Opcode ID: b9a30c33fd8558fa5b75072f9cb42e26c7abdc5680f7b4992a55fec7a8791953
                      • Instruction ID: 78c5e0d21c2497533a4670a1eb9314cd3cd42ec8f919ad730962d614d8b8b2c4
                      • Opcode Fuzzy Hash: b9a30c33fd8558fa5b75072f9cb42e26c7abdc5680f7b4992a55fec7a8791953
                      • Instruction Fuzzy Hash: DBF14B6572E28392E7198E29D424B7D7696BB41F80F006136EE6E8F7F8EB3CD5408311
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID: 2
                      • API String ID: 0-450215437
                      • Opcode ID: edb5278980dd36de3f27e6bebf3f243b3a4678fcaad72eb11a4b5ab9f5d9f0d7
                      • Instruction ID: eac3f5f5664f973578a0279adc6720d1e694b3c0a2a6eeefa48c61babd84452b
                      • Opcode Fuzzy Hash: edb5278980dd36de3f27e6bebf3f243b3a4678fcaad72eb11a4b5ab9f5d9f0d7
                      • Instruction Fuzzy Hash: BBD17CA2F0A79B06CB14862AA561BBDA690BB54FC4F145035DE5E8FFF9DA3CD4448700
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID:
                      • String ID: x
                      • API String ID: 0-2363233923
                      • Opcode ID: 713ac39e9c7230e8d4eb87eea6be2b19562ad51e455e505d8ac702b7e9d14308
                      • Instruction ID: cd4141a6c3e195da69e0e1964704ff2b677d111a393fbf8d02c3c0942181ad5d
                      • Opcode Fuzzy Hash: 713ac39e9c7230e8d4eb87eea6be2b19562ad51e455e505d8ac702b7e9d14308
                      • Instruction Fuzzy Hash: 6CE15BA1B0A38B59EB248F25D560B796695BB51FC0F549031CE5E4BBFAEE3CD441C300
                      APIs
                        • Part of subcall function 00007FFDFB68D570: GetLastError.KERNEL32 ref: 00007FFDFB68D57F
                        • Part of subcall function 00007FFDFB68D570: FlsGetValue.KERNEL32 ref: 00007FFDFB68D594
                        • Part of subcall function 00007FFDFB68D570: SetLastError.KERNEL32 ref: 00007FFDFB68D61F
                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FFDFB699F43,?,00000000,00000092,?,?,00000000,?,00007FFDFB68E0ED), ref: 00007FFDFB6997F2
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: ErrorLast$EnumLocalesSystemValue
                      • String ID:
                      • API String ID: 3029459697-0
                      • Opcode ID: d78b4ce8c848f9dd37d503210fb26c82bad365a3ef5931eb54b70e8a07abceaf
                      • Instruction ID: 08860f786f3ad4928c3116979eb1d0391e03d832542c3ad80e051e9aae722ece
                      • Opcode Fuzzy Hash: d78b4ce8c848f9dd37d503210fb26c82bad365a3ef5931eb54b70e8a07abceaf
                      • Instruction Fuzzy Hash: 4F11E767F0964686EB148F25D050AB87BA0FB50F94F948136C6794B3E4DE78D5D1C740
                      APIs
                        • Part of subcall function 00007FFDFB68D570: GetLastError.KERNEL32 ref: 00007FFDFB68D57F
                        • Part of subcall function 00007FFDFB68D570: FlsGetValue.KERNEL32 ref: 00007FFDFB68D594
                        • Part of subcall function 00007FFDFB68D570: SetLastError.KERNEL32 ref: 00007FFDFB68D61F
                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FFDFB699EFF,?,00000000,00000092,?,?,00000000,?,00007FFDFB68E0ED), ref: 00007FFDFB6998A2
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: ErrorLast$EnumLocalesSystemValue
                      • String ID:
                      • API String ID: 3029459697-0
                      • Opcode ID: 8d124199e0873d7e3fd008f94e19e4e240248db30e7e620eace9a20178ae5c8a
                      • Instruction ID: 8177486159a604d9a17b81bc94eea98ff5add0c8dc21c2e4daeacac167e731bd
                      • Opcode Fuzzy Hash: 8d124199e0873d7e3fd008f94e19e4e240248db30e7e620eace9a20178ae5c8a
                      • Instruction Fuzzy Hash: 8D01B972F0914346E7145F16E550B7976A5EB40B68F458235D6784B6ECDF7C9480C700
                      APIs
                      • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FFDFB68F5F7,?,?,?,?,?,?,?,?,00000000,00007FFDFB698DA4), ref: 00007FFDFB68F28B
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: EnumLocalesSystem
                      • String ID:
                      • API String ID: 2099609381-0
                      • Opcode ID: 864adca64f10ed86be7b73c3629bf17d0b271d808e48494e099bf2f8eccfee10
                      • Instruction ID: 05f4a3d5ba6ce99ae6f26df05312ced5d3da21d4e44c7ebe55e9677af16ecf42
                      • Opcode Fuzzy Hash: 864adca64f10ed86be7b73c3629bf17d0b271d808e48494e099bf2f8eccfee10
                      • Instruction Fuzzy Hash: CCF03172B05B4283E704DB29E8A19A53365FB99BC0F549035DA6D8B3B9DF7CD451C300
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Time$FileSystem
                      • String ID:
                      • API String ID: 2086374402-0
                      • Opcode ID: 1ad08d5821c16f67af062276ea3528555dc2660cba87232dabe49151298403a0
                      • Instruction ID: 47c68a945ffb3d8626e72164ab249ab803921d35002d9b5167471ba22c994328
                      • Opcode Fuzzy Hash: 1ad08d5821c16f67af062276ea3528555dc2660cba87232dabe49151298403a0
                      • Instruction Fuzzy Hash: 2AF082E1B2AA8942EE248755A8247A49292AF5CBE0E04A331ED3D4E7D9EF2CD1518700
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: AlgorithmCloseCryptProvider
                      • String ID:
                      • API String ID: 3378198380-0
                      • Opcode ID: 70f517824e45b9851c3dc871d4ac550522a3f63869e21d730c1e66dd46bfdf32
                      • Instruction ID: a9719135e9b250d4423ad09428c53c99b9026ec04ff75555c9ae029abf48ca2a
                      • Opcode Fuzzy Hash: 70f517824e45b9851c3dc871d4ac550522a3f63869e21d730c1e66dd46bfdf32
                      • Instruction Fuzzy Hash: 01E09231B0A60745FB449B16F4716796251EF88B40F6C81309D2C4F3A9CD3CD4928700
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID: gfffffff
                      • API String ID: 0-1523873471
                      • Opcode ID: ea6801fa90d8fc96189ce452aff9b5266326b0e3370ba437820448fc258c93c4
                      • Instruction ID: db66a3ddf0df538b6331f7726edfc646022fc7d7819bc13b0fe4349b7094d519
                      • Opcode Fuzzy Hash: ea6801fa90d8fc96189ce452aff9b5266326b0e3370ba437820448fc258c93c4
                      • Instruction Fuzzy Hash: 4AA14662B0A78786FB21DF25A460BA97790AB54B8CF048131DE6D4B7E9DE3DE405C700
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID: 0-3916222277
                      • Opcode ID: 4f1aa22ed8fb5c11e340679a982366e0c0954e14d72a6eb53d09cb18ece037b1
                      • Instruction ID: 0257268991bf971bda36a1b10988c4bf6db34b568ab0cc087443cec76c514655
                      • Opcode Fuzzy Hash: 4f1aa22ed8fb5c11e340679a982366e0c0954e14d72a6eb53d09cb18ece037b1
                      • Instruction Fuzzy Hash: EDB17C72B0AA4785E7648F29D064A7D3BA0EF49B48F188139DA6D4B3EDCF39D840C751
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID: DB7C2ABF62E35E668076BEAD208B
                      • API String ID: 0-1114148540
                      • Opcode ID: aabd03ef1719d7c80ca3c297e06dc179a55077514131f93257853fda8283bac6
                      • Instruction ID: d4a0061b2185e456cf5b52fbe055823160a3b03ca3b6e0153a17ee008aa00e6f
                      • Opcode Fuzzy Hash: aabd03ef1719d7c80ca3c297e06dc179a55077514131f93257853fda8283bac6
                      • Instruction Fuzzy Hash: C131F032718B8986DB108B2AE84079DBB54F7D5B98F485139DF8D47BA8CBBDD045C700
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 84856ccd1dc3a6676b39ab3d1c80dbfe7562f0e17ec7d9dec58ad6743201a4a3
                      • Instruction ID: ff9cdbc8557af2348fb9b45131b0a26de611b63b5f3bff2dbe1bc682b5d7f3c7
                      • Opcode Fuzzy Hash: 84856ccd1dc3a6676b39ab3d1c80dbfe7562f0e17ec7d9dec58ad6743201a4a3
                      • Instruction Fuzzy Hash: EF420221B2AE4789E7539B75A861D356724BF563C0F018733E92E7A6F8DF2CE4528600
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-0
                      • Opcode ID: 768259bce8f5d1253c97174183ac0006708df65520d3fa76edfdceb9cfa0210c
                      • Instruction ID: d959c2fbe151b29aeef8fefbbd326a4910e6e086825e95985524dd0815a1aca0
                      • Opcode Fuzzy Hash: 768259bce8f5d1253c97174183ac0006708df65520d3fa76edfdceb9cfa0210c
                      • Instruction Fuzzy Hash: 7712DC72B0AA82C5EB008F65E4A0BAA77A1FB44794F445135EA6D4BBEDCF3CD580C700
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f4d38fae4eb85284ada6379fc8398675071a72d5dd664eb0936eee1d335475c8
                      • Instruction ID: 07c2a2edd92506e67dca2422af146278055407cba716efaf26e6563b4f99012a
                      • Opcode Fuzzy Hash: f4d38fae4eb85284ada6379fc8398675071a72d5dd664eb0936eee1d335475c8
                      • Instruction Fuzzy Hash: 42C18863F1946707D72CC92EA4A1BB89695E7D8790F046036EE4B8BBF4EB78D844C740
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 832832dc364959410312b08ae791d2c06a811db9f110b507999a7588ef3f3727
                      • Instruction ID: 3fb074d6b91a1c72f0c6fa33150da4457e4bf37075256d6b88c489feafd49e77
                      • Opcode Fuzzy Hash: 832832dc364959410312b08ae791d2c06a811db9f110b507999a7588ef3f3727
                      • Instruction Fuzzy Hash: 78F1257222A1904FD324CF19A26057ABBE0F758791F848229EFD647B99C73DF825DB10
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c78b4fa3eb0fabe06b317e87bcdbcbad3bf88d85b4e424219ddb129872bd64bb
                      • Instruction ID: 04cbe1e2874acdaf164fd20bb3882df27f7707f1ea4c8c9b158e61e68cefa71a
                      • Opcode Fuzzy Hash: c78b4fa3eb0fabe06b317e87bcdbcbad3bf88d85b4e424219ddb129872bd64bb
                      • Instruction Fuzzy Hash: 840260339261609BE781CB1EC059B6B33A9F744355F23833BDE9267281D637AC09D7A4
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: aac7898b75f84a8c33d528a5d020cc9611644f072e3a27786c5b160d31b9b22f
                      • Instruction ID: bdea29625182ed986e3a1523f4cb1371de1a5c0bad5e71426f9f9862f3579eab
                      • Opcode Fuzzy Hash: aac7898b75f84a8c33d528a5d020cc9611644f072e3a27786c5b160d31b9b22f
                      • Instruction Fuzzy Hash: B6E18232B0AA4386EB658A28C578B7D2791EF55B58F14C235CE6D1E2FDDF29E841C700
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ab41f9421c0c718e7f5ee1b96c53c8c0c5532be5994e9007b22f095d90db5dc3
                      • Instruction ID: 4abd7b67989e76e5e9fcb349350f3ab51346bffecd27cf3da219efc202d8d3eb
                      • Opcode Fuzzy Hash: ab41f9421c0c718e7f5ee1b96c53c8c0c5532be5994e9007b22f095d90db5dc3
                      • Instruction Fuzzy Hash: 9BB10633B295828BEB51CF25E954A6977D2F794BD4F04C131DA595BF98DA3CE802CB00
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 73155330-0
                      • Opcode ID: 4d01ac14e4503eb6c61a4958a9179e75bce3f1d4c40fc9a39546503f1bb8fa11
                      • Instruction ID: d007d3e6cf225d55efe82c219c2f0f2d5c56b245ad22b0c17eb4564f8dcea3f8
                      • Opcode Fuzzy Hash: 4d01ac14e4503eb6c61a4958a9179e75bce3f1d4c40fc9a39546503f1bb8fa11
                      • Instruction Fuzzy Hash: 13E11663B1AB8285EB10CB65D0506AD77A1FB85798F484235EAAD0BBEDDF3CD481C700
                      Similarity
                      • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 4023145424-0
                      • Opcode ID: a0fbdd269cac7214de097bd9cc6e8b6bbbe12fabbfbe42cc4adf3ce9bd37f889
                      • Instruction ID: 7ca15e6a480a8c277e3e998e4c6493e7cd00c182e6ef390fbfe06c08ec5ea590
                      • Opcode Fuzzy Hash: a0fbdd269cac7214de097bd9cc6e8b6bbbe12fabbfbe42cc4adf3ce9bd37f889
                      • Instruction Fuzzy Hash: 4FC1C726B0AA8745EB609B619420BBE27A1FF94788F408135EEAD4F6EDDF3CD545C700
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-0
                      • Opcode ID: 4ec0ca32672841d429cf7105d5c8347aef15274cb6a582a0444d5454670d5500
                      • Instruction ID: 89536149dc693be941ab2d556bc67736ba6e6d0481b764fea96f6955eb21b9f5
                      • Opcode Fuzzy Hash: 4ec0ca32672841d429cf7105d5c8347aef15274cb6a582a0444d5454670d5500
                      • Instruction Fuzzy Hash: 95818172B06E5285EB648E65D4A177D23A0FF44B98F149636EE6E8B7E8CF38D041C340
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-0
                      • Opcode ID: 06a9625e579e200d604ef73943dbe4ac053193aff4e6d7d3d02975631ca7891a
                      • Instruction ID: b4be1782658a3ae309998dc3daba14b27ce17fb632018960a1da8addc1510c15
                      • Opcode Fuzzy Hash: 06a9625e579e200d604ef73943dbe4ac053193aff4e6d7d3d02975631ca7891a
                      • Instruction Fuzzy Hash: 3461CA21F1E19386FB64C6288460A7D66A1AF41768F544239D63D4FEFDDE7DE8409B00
                      Similarity
                      • API ID: ErrorFreeHeapLast
                      • String ID:
                      • API String ID: 485612231-0
                      • Opcode ID: 41f28692be7ae92745315fde3f78477b385e9e500dc97b00c5f08b2ed9f30c9f
                      • Instruction ID: 9b3c6e7b901601327012dd983e2ede10663bd0e3d44aabeb730779afec345146
                      • Opcode Fuzzy Hash: 41f28692be7ae92745315fde3f78477b385e9e500dc97b00c5f08b2ed9f30c9f
                      • Instruction Fuzzy Hash: D141EA73B15A5681EF04CF6AD9645697791BB48FC4B45D032DE5D8BBACDE3DD0428300
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 000c09e6b72f793487ff7eeb3392127ee352edceebd5e4b25d96442f0d5c4590
                      • Instruction ID: 165464564e996e4597bc8928ad98946796c262fc5eef42265f55a195192a3151
                      • Opcode Fuzzy Hash: 000c09e6b72f793487ff7eeb3392127ee352edceebd5e4b25d96442f0d5c4590
                      • Instruction Fuzzy Hash: 2941B0B3711A8581EF44CB75D465BA93366FB09BD8F85A13ADE5D47388DE39C009C300
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c249c1a9a9f87dfcd403f89f2b493dac5da5b1c8d5a51ba81d202083aa9d348b
                      • Instruction ID: 2ee0244948e59cfe96c9278b75af2961210089d090be4ab4200108fd55eb5743
                      • Opcode Fuzzy Hash: c249c1a9a9f87dfcd403f89f2b493dac5da5b1c8d5a51ba81d202083aa9d348b
                      • Instruction Fuzzy Hash: C731A27231824845FA5DDA61AA7F7E6E95AA38C3C0F49F137DE964E658EE3CC141CA00
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 509e356a70a69fee75e6004179e37b9800559dc64f4470ea1333ea12fbfa7096
                      • Instruction ID: 711556ace58c24dd4a0dc3c95c2256d4da9100e138976bfcaa7b9570fc16e463
                      • Opcode Fuzzy Hash: 509e356a70a69fee75e6004179e37b9800559dc64f4470ea1333ea12fbfa7096
                      • Instruction Fuzzy Hash: AD2149A2F356B606DE12863A8894C549A429F673C072DE322FD3825A99F71BE1D18700
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c647679db53dfee8d6fc2b5a08d4641880eed4ffb4f8872b3d3587519baeb4ae
                      • Instruction ID: 392737eeceb1e0a6a7e45f0329218d269bd1860e6a9d4d4dc002388fcbd932e6
                      • Opcode Fuzzy Hash: c647679db53dfee8d6fc2b5a08d4641880eed4ffb4f8872b3d3587519baeb4ae
                      • Instruction Fuzzy Hash: C841B3B3A11740CFD751CF34D09196AB7B1FB19B48B19CA22DB18DB228EB39E545CB50
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9a6cf7086033877038e98547aab7e423bf7c8cca03c2a5b6a100fcbf2f159150
                      • Instruction ID: 98d2319cfbfb6ec2cb622e7d0467bae271b03bff824d449c0d995b4e1141fa24
                      • Opcode Fuzzy Hash: 9a6cf7086033877038e98547aab7e423bf7c8cca03c2a5b6a100fcbf2f159150
                      • Instruction Fuzzy Hash: 4E312E53D16A9852E3136B3D530B3B7D3A2BBD43E9F318341DBC522A46E73C6344A210
                      Similarity
                      • API ID: Name::operator+
                      • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                      • API String ID: 2943138195-1482988683
                      • Opcode ID: c100a6b82ab370481fdf32e0d56ca31663057020fa756cab3f6d667cb0f5af21
                      • Instruction ID: d2288938e8ccad0dbde26f40129b20c695a2cf308f5fd15c35821ec9bec0f709
                      • Opcode Fuzzy Hash: c100a6b82ab370481fdf32e0d56ca31663057020fa756cab3f6d667cb0f5af21
                      • Instruction Fuzzy Hash: 81024D76F1A61394FB149B64E9B4ABC27A0FB09348F684135CA2D5AAFCDF3CA545C340
                      Similarity
                      • API ID: Xinvalid_argumentstd::_
                      • String ID: Argument not found.$Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid fill (too long).$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.$invalid fill character '{'
                      • API String ID: 909987262-3616396990
                      • Opcode ID: da059f963979f38b5e7a61a2e3b2238f74d3c5ab9e431b0846fe473c53cbf30d
                      • Instruction ID: e2d3db252ec4d656dcdae58a41ef27105452f9905aeb31dda199447b27efc589
                      • Opcode Fuzzy Hash: da059f963979f38b5e7a61a2e3b2238f74d3c5ab9e431b0846fe473c53cbf30d
                      • Instruction Fuzzy Hash: CF510666B0E29BB5EF518B15D424A782B90AF55F40F4D6031DA6E0F6F9DE2CE441C310
                      Similarity
                      • API ID: Name::operator+
                      • String ID: `anonymous namespace'
                      • API String ID: 2943138195-3062148218
                      • Opcode ID: b9860cc78039532e296e8b31e0c3c8b887e741e96b46344d634a29b27477d32a
                      • Instruction ID: 7f672d816f5c59f885eb3534407b8bc5c3f4a7a3dc9928fdbbb146058437e43d
                      • Opcode Fuzzy Hash: b9860cc78039532e296e8b31e0c3c8b887e741e96b46344d634a29b27477d32a
                      • Instruction Fuzzy Hash: 0DE17E72B0AB8395EB10CF24E4A09AC77A4FB44784F645036EA9D5BBA9DF3CE554C700
                      Similarity
                      • API ID: Xinvalid_argumentstd::_
                      • String ID: Argument not found.$Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid fill (too long).$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.$Unmatched '}' in format string.$invalid fill character '{'
                      • API String ID: 909987262-704016018
                      • Opcode ID: 1e894801ca988bf15ebd6ec6a98c1fc20c4d6064881d087de3528c85137c96d1
                      • Instruction ID: da94acfd8ab300f369997d37ad9414d07955b02860d2ff9c69f2a90c55a8af0f
                      • Opcode Fuzzy Hash: 1e894801ca988bf15ebd6ec6a98c1fc20c4d6064881d087de3528c85137c96d1
                      • Instruction Fuzzy Hash: E321D825F0F94BB9EB189724C476BB837A9DF50F50F942635C23E4E2F9DE2CA5918240
                      Similarity
                      • API ID: Name::operator+
                      • String ID:
                      • API String ID: 2943138195-0
                      • Opcode ID: a29263985357c4185646751ae08dbec72460e706a323b6316621b808d1d7bc47
                      • Instruction ID: a1a3849928098aa974fd54fd8af93f0ad9f5be71e777120a3228d1c6110fd150
                      • Opcode Fuzzy Hash: a29263985357c4185646751ae08dbec72460e706a323b6316621b808d1d7bc47
                      • Instruction Fuzzy Hash: 3FF18A76B0A6839AE710DF64E4A05FC37B0EB0434CB644532DA6D6BAEDDE38D559C340
                      Similarity
                      • API ID: NameName::$Name::operator+
                      • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                      • API String ID: 826178784-2441609178
                      • Opcode ID: 20b2abadde5da2ae1ddde090325b674bd4c1340cab84b38ebc29aa5e8a78a6b3
                      • Instruction ID: 67541339fb2b6f070bf740dce4c85b1420542e7d50e0723ac5216586bcd03045
                      • Opcode Fuzzy Hash: 20b2abadde5da2ae1ddde090325b674bd4c1340cab84b38ebc29aa5e8a78a6b3
                      • Instruction Fuzzy Hash: 2AF18D62F1A68394FB149B74A5B8DBD27A0EF04784F640136DE2E1EAFDDE3CA5458340
                      Similarity
                      • API ID: Xinvalid_argumentstd::_
                      • String ID: Argument not found.$Can not switch from manual to automatic indexing$Invalid format string.$Missing '}' in format string.$Unknown format specifier.
                      • API String ID: 909987262-1402337325
                      • Opcode ID: 852d8f30413072a41a9acb1cb4821a637de1bfc84c6500ccb21beb13cb10ce47
                      • Instruction ID: 079426b439a76d84ec8a8076b2fde481aa08341d4507b7b88ea259e2edcbd2c8
                      • Opcode Fuzzy Hash: 852d8f30413072a41a9acb1cb4821a637de1bfc84c6500ccb21beb13cb10ce47
                      • Instruction Fuzzy Hash: 3251AE62B0AA47A9EB00DF64D4606FC3361AB19B98F445136DA2D1EAEDDF3CD11AC340
                      Similarity
                      • API ID: Name::operator+
                      • String ID:
                      • API String ID: 2943138195-0
                      • Opcode ID: 5f8004f4d1bd040818cf0d3538c920170fe6bc21241ac7da9fed96537ed4685f
                      • Instruction ID: b312ac1f30d916380bf1809067d4c4f7ae9e7fc07e8f06f62f0d2a327228d5b7
                      • Opcode Fuzzy Hash: 5f8004f4d1bd040818cf0d3538c920170fe6bc21241ac7da9fed96537ed4685f
                      • Instruction Fuzzy Hash: 6A714C72B06A43A9EB10DF64E4A05EC33B1EB4478CB904431DA1D5BAEDEF38D655C380
                      Similarity
                      • API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handle$CreateFeaturePresentProcessor
                      • String ID:
                      • API String ID: 2221425841-0
                      • Opcode ID: dfd71fbd023fae2ebb41605f234f9b2ee70f5aafe01ce3ee885fd70a0691c48c
                      • Instruction ID: 17eff47d0c1afcde8549cc0e4ba5a82e84cdeb48e757d789aaf59d66790956e0
                      • Opcode Fuzzy Hash: dfd71fbd023fae2ebb41605f234f9b2ee70f5aafe01ce3ee885fd70a0691c48c
                      • Instruction Fuzzy Hash: B851B921F0954389FB209B75A834ABD2BA0EF4675CF244235CD399E6EDDE68D4418710
                      Similarity
                      • API ID: Name::operator+
                      • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                      • API String ID: 2943138195-1464470183
                      • Opcode ID: 50d65f81b843bc446e088cdd40ec6fe37d233a158ffb5bb49f73259f984ada69
                      • Instruction ID: 3d5e655a597a19ada8d20ef4015b6aea366cee7eefe13b344fc1c75b04fcffa4
                      • Opcode Fuzzy Hash: 50d65f81b843bc446e088cdd40ec6fe37d233a158ffb5bb49f73259f984ada69
                      • Instruction Fuzzy Hash: DF512972F1A61799FB10DB64E8A09BC2B70FB04388F64013ADA5D5AEEDDF28E555C300
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: : missing required parameter '$Cofactor$Curve$DL_GroupParameters_EC<EC>$GroupOID$SubgroupGenerator$SubgroupOrder
                      • API String ID: 3668304517-2280919341
                      • Opcode ID: c6b3c6989d034716b395edafa0dc23c966fd5e5ef6e8809c5add72ff7e0bd1be
                      • Instruction ID: 2db73b3556fea2b4d32272e81ef2dbd37aea12ce945fba78c95ae49f0202f248
                      • Opcode Fuzzy Hash: c6b3c6989d034716b395edafa0dc23c966fd5e5ef6e8809c5add72ff7e0bd1be
                      • Instruction Fuzzy Hash: 8DE18D72B06A8794EF10DF61D8A4AE92361FB85B98F449432EA2D4B6FDDF38D545C300
                      APIs
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskErrorLast
                      • String ID: operation failed with error $OS_Rng:
                      • API String ID: 2277578949-700108173
                      • Opcode ID: 14eeb0fa364cd80e698f63d657d47487c2efc40f27f8e3c0aa9e58351d5ada90
                      • Instruction ID: d05261e5e6661264c7a20d9fcc9206be392fef1ef7ee531d3b20272756d6a8d1
                      • Opcode Fuzzy Hash: 14eeb0fa364cd80e698f63d657d47487c2efc40f27f8e3c0aa9e58351d5ada90
                      • Instruction Fuzzy Hash: C3A18262F16B8649FB008B65D4607BD2362EB99798F505231EE7C1A7EADF3CE185C340
                      Strings
                      Similarity
                      • API ID:
                      • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                      • API String ID: 0-3207858774
                      • Opcode ID: 9970b5ccc322f50bec69583ab25d9488b0b526dd466357cb340dbf02cb49d5c5
                      • Instruction ID: 1a5d356e49e3c341879ea6ee287fec4e8fcc2bac3069bed214e854f632b1374d
                      • Opcode Fuzzy Hash: 9970b5ccc322f50bec69583ab25d9488b0b526dd466357cb340dbf02cb49d5c5
                      • Instruction Fuzzy Hash: B781AE62B1AA8795EB108F20D4A0AB837A1EF04B88F549532DA6D0B7F9DF3CE545C340
                      APIs
                      Strings
                      Similarity
                      • API ID: std::_$Concurrency::cancel_current_taskLockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                      • String ID: bad locale name$false$true
                      • API String ID: 461674175-1062449267
                      • Opcode ID: b77aaba0802fbf532033256dbc466d5a718d53abbf90940fe2b125089881c75e
                      • Instruction ID: e17d3d09e69ec58b423d04d3473530fe76eb18860031d7360c9acdab4e87a371
                      • Opcode Fuzzy Hash: b77aaba0802fbf532033256dbc466d5a718d53abbf90940fe2b125089881c75e
                      • Instruction Fuzzy Hash: E2618F32B0BB428AFB11DBA4E4207BD32A5AF84B48F145434DA6D5FAEDDE38D415C354
                      APIs
                      Strings
                      Similarity
                      • API ID: Name::operator+
                      • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                      • API String ID: 2943138195-2239912363
                      • Opcode ID: ad69e7676641cb751fe2781d35458e0314907f8473298f368c72a36afc7ce6a4
                      • Instruction ID: 81ee8ee4a793593afcf0b9ddfc90bcb7eb584dbb396ae6a1612d3125ef7f9da7
                      • Opcode Fuzzy Hash: ad69e7676641cb751fe2781d35458e0314907f8473298f368c72a36afc7ce6a4
                      • Instruction Fuzzy Hash: 6A514F62F1AB5798FB11CB60E8A06BC37B4EB08744F644136DA5D5AAEDEF3C9058C710
                      APIs
                      Similarity
                      • API ID: ErrorLasthtons$Xtime_get_ticksclosesocketconnectioctlsocketsocket
                      • String ID:
                      • API String ID: 712701749-0
                      • Opcode ID: 7e3ad837a012701c2ff9d0a130d5f4c64b38bbc2689cd5f852cf80a53958edd9
                      • Instruction ID: 9b76b3a6b39b5ceed344b4a1919f4d92706a2e4179009146d247952036cf2feb
                      • Opcode Fuzzy Hash: 7e3ad837a012701c2ff9d0a130d5f4c64b38bbc2689cd5f852cf80a53958edd9
                      • Instruction Fuzzy Hash: 0A31A122A09A4681EB108F25E8105697760EB58F78F149335EABD0B7E9DF3CD085D704
                      APIs
                      Strings
                      Similarity
                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                      • String ID: csm$csm$csm
                      • API String ID: 849930591-393685449
                      • Opcode ID: 8214f45ecad1e28f61f107e78f3edc604edcf0266de1099433125364fa9f4567
                      • Instruction ID: d9ce680ed8f3a6646d330953d2b20b78a1d570b00b3ab6cef3e11c7d5294fb37
                      • Opcode Fuzzy Hash: 8214f45ecad1e28f61f107e78f3edc604edcf0266de1099433125364fa9f4567
                      • Instruction Fuzzy Hash: C2D16032B0978386EB20DB65A850BAD77A0FB55788F204135EE6D5B7E9DF38E580C700
                      APIs
                      Strings
                      Similarity
                      • API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
                      • String ID: Negative width.$Number is too big.
                      • API String ID: 3237623162-1861685508
                      • Opcode ID: 763bcf7a5769fc43bb4a27eb96f043e78b1c405903fb87348719515fef5ff4bd
                      • Instruction ID: 4e480f23bde6bfb2df2a8ff8828d3c1e0083a624034dd1c50d36ec3a4a83f024
                      • Opcode Fuzzy Hash: 763bcf7a5769fc43bb4a27eb96f043e78b1c405903fb87348719515fef5ff4bd
                      • Instruction Fuzzy Hash: ECA14522B0A68756DB14DF25A4218B96760FF95FD4F144631EEAD0BBEADE3CE142C700
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Cpp_errorThrow_std::_$AcquireCurrentExclusiveLockThreadXtime_get_ticks
                      • String ID:
                      • API String ID: 4035917859-0
                      • Opcode ID: 5b0f592b6bad469ff9a9ac4a5298cbfee1647dd88c5fc1c53353a5131d47215d
                      • Instruction ID: 08eaabdd03a36808da4f756f68332a4febf6c49ff718fca1ef8f42cefed49f40
                      • Opcode Fuzzy Hash: 5b0f592b6bad469ff9a9ac4a5298cbfee1647dd88c5fc1c53353a5131d47215d
                      • Instruction Fuzzy Hash: 7091B072F16B4286EB008B75E4547AD23A1FB49BA8F105335EE6C1BBE9DE38D091C340
                      APIs
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID: f$p$p
                      • API String ID: 3215553584-1995029353
                      • Opcode ID: 39bb40b701b96a0096dcea3733e3b8e80183c7a15ca1de3b14265d2cb685e729
                      • Instruction ID: e4a01faf83ef6a9f2d4bbfb01584fd73ad243e1a56b8ef22fdd32248c6034279
                      • Opcode Fuzzy Hash: 39bb40b701b96a0096dcea3733e3b8e80183c7a15ca1de3b14265d2cb685e729
                      • Instruction Fuzzy Hash: 2612A571B0EA4386FB649A14D064A797692FF80750F94C136E6A94BEECDF3CE590DB00
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID:
                      • API String ID: 3215553584-0
                      • Opcode ID: 355f458a4225a0281101f9e541c8bc122854980bee9205288e4825ecd3227854
                      • Instruction ID: cc9e2b3e0295da3cd9194bb138da0728a4225bd405b680bde9fcc7d13e3bae94
                      • Opcode Fuzzy Hash: 355f458a4225a0281101f9e541c8bc122854980bee9205288e4825ecd3227854
                      • Instruction Fuzzy Hash: 2FC1E122B0AA8781FB21AB149460ABD7790FF80B9CF554131DA6E0B3F9CF7DE8458310
                      APIs
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: $ $
                      • API String ID: 3668304517-3665324030
                      • Opcode ID: 187a581125c0c8667baee678a40912781559756569e3ad6486e1f30450dac9c7
                      • Instruction ID: 59194a4e3e540cd7ba582d68a853ec7f643648bda4af6ccd4abf8843fadfa0b6
                      • Opcode Fuzzy Hash: 187a581125c0c8667baee678a40912781559756569e3ad6486e1f30450dac9c7
                      • Instruction Fuzzy Hash: 5981A362F0AB8661FB109B65D4657AD6361BF49BD8F545231EEBC0AAEDDE2CD0818300
                      APIs
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                      • String ID: $Failed to deserialize object
                      • API String ID: 3936042273-753972862
                      • Opcode ID: 762814bd836b04c834a0657919f3d177fb83be48ff78085885903f2da025e09c
                      • Instruction ID: 9b4597c2e5ffc209da544a3e823e13b9899d5cec4262071f46fcdb0e9e2a197f
                      • Opcode Fuzzy Hash: 762814bd836b04c834a0657919f3d177fb83be48ff78085885903f2da025e09c
                      • Instruction Fuzzy Hash: 5F91E222B1AB8282EB10CF65D4656BD6360FB59794F545235EEAD1BBE9DF38E0C1C300
                      APIs
                      Strings
                      Similarity
                      • API ID: Name::operator+
                      • String ID: {for
                      • API String ID: 2943138195-864106941
                      • Opcode ID: 41704f21a11950867ea1e1fd5da5d81cfa9041306fc224019d652ae96451f81e
                      • Instruction ID: 85d289f0d0ea5388e90abcd47d85eb6b61098f55521b4b4c31776fa967db14c7
                      • Opcode Fuzzy Hash: 41704f21a11950867ea1e1fd5da5d81cfa9041306fc224019d652ae96451f81e
                      • Instruction Fuzzy Hash: 3A512872B0AA87A9FB119F24D4A07E837A0EB44748F549432DA6C4BBE9DF7CD594C340
                      APIs
                      Strings
                      Similarity
                      • API ID: CounterErrorLastPerformanceQuery
                      • String ID: Timer: QueryPerformanceCounter failed with error $Timer: QueryPerformanceFrequency failed with error
                      • API String ID: 1297246462-2136607233
                      • Opcode ID: df7ff94602166289a42e225d86edb95e8729115b8e04d586c0ff8c1ef39a7456
                      • Instruction ID: 3975bf3b669001b225b56cc74893d0b3b4eb481146a5a67e7b075d27972f6c2c
                      • Opcode Fuzzy Hash: df7ff94602166289a42e225d86edb95e8729115b8e04d586c0ff8c1ef39a7456
                      • Instruction Fuzzy Hash: 8D413221B0AA8785EB209B25F861B7633A1FF94784F544132D66D8B7F9DF2CE545CB00
                      APIs
                      • LoadLibraryExW.KERNEL32(?,?,00000000,00007FFDFB681323,?,?,?,00007FFDFB675B42,?,?,?,00007FFDFB67582D), ref: 00007FFDFB6811A1
                      • GetLastError.KERNEL32(?,?,00000000,00007FFDFB681323,?,?,?,00007FFDFB675B42,?,?,?,00007FFDFB67582D), ref: 00007FFDFB6811AF
                      • LoadLibraryExW.KERNEL32(?,?,00000000,00007FFDFB681323,?,?,?,00007FFDFB675B42,?,?,?,00007FFDFB67582D), ref: 00007FFDFB6811D9
                      • FreeLibrary.KERNEL32(?,?,00000000,00007FFDFB681323,?,?,?,00007FFDFB675B42,?,?,?,00007FFDFB67582D), ref: 00007FFDFB681247
                      • GetProcAddress.KERNEL32(?,?,00000000,00007FFDFB681323,?,?,?,00007FFDFB675B42,?,?,?,00007FFDFB67582D), ref: 00007FFDFB681253
                      Strings
                      Similarity
                      • API ID: Library$Load$AddressErrorFreeLastProc
                      • String ID: api-ms-
                      • API String ID: 2559590344-2084034818
                      • Opcode ID: 07acfc434d8fba2c25cf224bca2edca38b86016518df40fca1d637bedadf550a
                      • Instruction ID: 6c59f728e233cd748ee737a43d27637fca5d91ccf29688458cc4855b702fb447
                      • Opcode Fuzzy Hash: 07acfc434d8fba2c25cf224bca2edca38b86016518df40fca1d637bedadf550a
                      • Instruction Fuzzy Hash: 06319021B1BA47D5EF129B46A8609352294BF48BA0F494635DD7D4F7E8EF3CE485C700
                      APIs
                      Strings
                      Similarity
                      • API ID: Name::operator+
                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                      • API String ID: 2943138195-2211150622
                      • Opcode ID: a81fb7c0f206b3fd3ea3989759a5cb9e85c98106f35305438c8eddaaf482a0f7
                      • Instruction ID: 418601bf481104a0bef1ff9d31f6b01b54b0235ae5e42706926eaf9f5f93fcc7
                      • Opcode Fuzzy Hash: a81fb7c0f206b3fd3ea3989759a5cb9e85c98106f35305438c8eddaaf482a0f7
                      • Instruction Fuzzy Hash: 5D410FB2F1AB4798F7118B64E8A05BC37A0EB08344F645536CA6C5A7F8DF7C9584C704
                      APIs
                      Strings
                      Similarity
                      • API ID: Name::operator+
                      • String ID: char $int $long $short $unsigned
                      • API String ID: 2943138195-3894466517
                      • Opcode ID: 10458723e1e0f583feefcb74a5f1fe46058df9c9ab332140c206a2f0c883819b
                      • Instruction ID: dbfa296dbe3edefd13e8a5cd6688b3f77ef7c9b788d4caa5bbbc24c482ed9852
                      • Opcode Fuzzy Hash: 10458723e1e0f583feefcb74a5f1fe46058df9c9ab332140c206a2f0c883819b
                      • Instruction Fuzzy Hash: 9C316B72F1A65389E7418B78E8A09BC37A0EB49744F548136DA6C5ABFCDE3CD544C700
                      APIs
                      Similarity
                      • API ID: Value$ErrorLast
                      • String ID:
                      • API String ID: 2506987500-0
                      • Opcode ID: 142cda5b445fd9cd4b8819c48a9508090ce2e32c12d230240076127be46704ae
                      • Instruction ID: 90006bf39bb675d1f4f2a2ce97d7d69087bfbcaf77d72e2684035e5eb91c8118
                      • Opcode Fuzzy Hash: 142cda5b445fd9cd4b8819c48a9508090ce2e32c12d230240076127be46704ae
                      • Instruction Fuzzy Hash: 28215B30F0FA4342FB5867619671D3962425F48BA4F148B39E93E4FAFEEE2CE4854611
                      APIs
                      Strings
                      Similarity
                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                      • String ID: CONOUT$
                      • API String ID: 3230265001-3130406586
                      • Opcode ID: b6553d28cb4e406af14dd068af80b7bbb2cedc99278983a23cf07c38739057e1
                      • Instruction ID: dfd0438c3b4fd92f83164fc22cfad77e76e428bd85fe416fe66839eb93ec37f5
                      • Opcode Fuzzy Hash: b6553d28cb4e406af14dd068af80b7bbb2cedc99278983a23cf07c38739057e1
                      • Instruction Fuzzy Hash: B5115431719B4286E7508B56E96472576A4FB48FE4F044235E97D8B7F8CF7CD4448740
                      APIs
                      Strings
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID: $ $ $@
                      • API String ID: 73155330-2667860089
                      • Opcode ID: 355042243a2969ce2c645eaf548f360dec7be57eff7f6389d299ea3ace8be27d
                      • Instruction ID: 420ef11d30a9773507be3f530385f6a9eb737f5ed08eb817dc1372606183714d
                      • Opcode Fuzzy Hash: 355042243a2969ce2c645eaf548f360dec7be57eff7f6389d299ea3ace8be27d
                      • Instruction Fuzzy Hash: A6014422F0B74751FF146B61A565B7C2290AF597B0F688B30DE7D0A7E9FE2CE4918210
                      APIs
                      Strings
                      Similarity
                      • API ID: AddressProc$HandleModule
                      • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                      • API String ID: 667068680-1047828073
                      • Opcode ID: 13902cd22a4d49b05a42bb127ae860c44e9e1ff68acdfa1180e7bfb29cf8e054
                      • Instruction ID: 99fbe7ad8f84c98784d1911ca9a46fc154f1083d7900440a39334553ac198b7b
                      • Opcode Fuzzy Hash: 13902cd22a4d49b05a42bb127ae860c44e9e1ff68acdfa1180e7bfb29cf8e054
                      • Instruction Fuzzy Hash: 66E0ED20B0BB0381EF408B55ACA48643BA8AF08B41F444031C86E4A3B8EF6DA499C300
                      APIs
                      Similarity
                      • API ID: ByteCharMultiStringWide
                      • String ID:
                      • API String ID: 2829165498-0
                      • Opcode ID: c69d599fc502ed974573801a2f5a1aeb25cc92b8b09d0c3ccbf250c0654745a9
                      • Instruction ID: 7d3ef5f4b4e51b0fe7c6b1beacb7e31f30542bd42fa8bd24e509a5e3952b0e43
                      • Opcode Fuzzy Hash: c69d599fc502ed974573801a2f5a1aeb25cc92b8b09d0c3ccbf250c0654745a9
                      • Instruction Fuzzy Hash: 82818272B0A74286EB208F15A960B7972D5FF44BA4F244235EA6D4BBE8DF7CD4468700
                      APIs
                      Similarity
                      • API ID: Name::operator+$NameName::
                      • String ID:
                      • API String ID: 168861036-0
                      • Opcode ID: dd1491023aa3f01291226eee60ccf1eed5b06d5e4ff3d5b7f7fdd318a87d23d1
                      • Instruction ID: 2c00fe8eb0ed1bfd183b0b864f181b2f82a0e5741ce4141454bbac209062bfe9
                      • Opcode Fuzzy Hash: dd1491023aa3f01291226eee60ccf1eed5b06d5e4ff3d5b7f7fdd318a87d23d1
                      • Instruction Fuzzy Hash: C8718D72B1AA5385E710CB65E8A0BAC37A1FB44784F648036DA6C4BAE9DF3CD481C700
                      APIs
                      • GetCurrentThreadId.KERNEL32 ref: 00007FFDFB672C69
                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,00007FFDFB672E41,?,?,?,00007FFDFB63A6BE), ref: 00007FFDFB672C88
                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,00007FFDFB672E41,?,?,?,00007FFDFB63A6BE), ref: 00007FFDFB672CAA
                      • sys_get_time.LIBCPMT ref: 00007FFDFB672CC5
                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,00007FFDFB672E41,?,?,?,00007FFDFB63A6BE), ref: 00007FFDFB672CEB
                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,00007FFDFB672E41,?,?,?,00007FFDFB63A6BE), ref: 00007FFDFB672D03
                      Similarity
                      • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                      • String ID:
                      • API String ID: 184115430-0
                      • Opcode ID: 3538d72cd420df0075b96c4acfd20637aacb013f4136ac6e0bf9d43b99a0fc02
                      • Instruction ID: 426696d6620390f86002e8b8b438dfbf2588ecb2bff97ab0d578537a611209f7
                      • Opcode Fuzzy Hash: 3538d72cd420df0075b96c4acfd20637aacb013f4136ac6e0bf9d43b99a0fc02
                      • Instruction Fuzzy Hash: CF414F32B1A60386EB64AF14E464A797360FB15B48F604431DA6D4A6FDDF3CE895CB00
                      APIs
                      • GetLastError.KERNEL32(?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000,00007FFDFB697537,?,?,?), ref: 00007FFDFB68D6F7
                      • FlsSetValue.KERNEL32(?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000,00007FFDFB697537,?,?,?), ref: 00007FFDFB68D72D
                      • FlsSetValue.KERNEL32(?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000,00007FFDFB697537,?,?,?), ref: 00007FFDFB68D75A
                      • FlsSetValue.KERNEL32(?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000,00007FFDFB697537,?,?,?), ref: 00007FFDFB68D76B
                      • FlsSetValue.KERNEL32(?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000,00007FFDFB697537,?,?,?), ref: 00007FFDFB68D77C
                      • SetLastError.KERNEL32(?,?,0000FBDB617AEA9A,00007FFDFB687021,?,?,?,?,00007FFDFB695AFA,?,?,00000000,00007FFDFB697537,?,?,?), ref: 00007FFDFB68D797
                      Similarity
                      • API ID: Value$ErrorLast
                      • String ID:
                      • API String ID: 2506987500-0
                      • Opcode ID: 1502874ff45f76d6c21981aded53722def914637955730e95e8c36915b443b15
                      • Instruction ID: 49be4a07e32bc1c23f5da7fe87bf172d161ef33f1f6eecff0ad9ea25c2d66b91
                      • Opcode Fuzzy Hash: 1502874ff45f76d6c21981aded53722def914637955730e95e8c36915b443b15
                      • Instruction Fuzzy Hash: A9114D34B0BA8342FB5467619671D3962425F49BB0F548B38E93E4F7FEEE2CE4454210
                      Strings
                      Similarity
                      • API ID:
                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                      • API String ID: 0-1866435925
                      • Opcode ID: 80f342c240423b6d439152f815833a2122f4de5321d2102b59a4447c8f842826
                      • Instruction ID: 56aedb3fbbcf017acedad3af473e01645d4ded514d4c04566c5c1e590148452d
                      • Opcode Fuzzy Hash: 80f342c240423b6d439152f815833a2122f4de5321d2102b59a4447c8f842826
                      • Instruction Fuzzy Hash: 97A1A22270AA8685EB108F1AD4A077977A0FB85FD4F188436DE5D4B7A9DF3DD846C700
                      APIs
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: is not a valid key length
                      • API String ID: 3668304517-2125742942
                      • Opcode ID: a44de9033452221f4bd46209454bd3b707c15caffd560188833769e5ef704fd8
                      • Instruction ID: ecd4ef6ed0a9012214c2fe1b0416ebef0d7d9539974547c849ed5175034c6822
                      • Opcode Fuzzy Hash: a44de9033452221f4bd46209454bd3b707c15caffd560188833769e5ef704fd8
                      • Instruction Fuzzy Hash: C271A062B1AB4685FB009B65E460BFC2361EB497A8F545235DA7C1BBEEDE3CD181C340
                      Strings
                      Similarity
                      • API ID:
                      • String ID: " not used$er "
                      • API String ID: 0-1755945580
                      • Opcode ID: 29fa0ffc7e4caed9bf46794d5c3b7cd480e7ea70539fa8ede82fa101d327d427
                      • Instruction ID: 39564dc029e633f6570dfe4126a67410744dc0ed5213a6a39a3490d627d2e25e
                      • Opcode Fuzzy Hash: 29fa0ffc7e4caed9bf46794d5c3b7cd480e7ea70539fa8ede82fa101d327d427
                      • Instruction Fuzzy Hash: DD717462F15B8689FB00CB74D8617BC2361EB59798F549331DE6C1A6EAEF78E190C340
                      APIs
                      Strings
                      Similarity
                      • API ID: Name::operator+
                      • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                      • API String ID: 2943138195-757766384
                      • Opcode ID: ca8ed66d334534281d261613d577ab165b8490c58799e91a0b749e31a8b8903d
                      • Instruction ID: c98577fbd90d44c012f8b2e0c1632856dfaf2461f4ad9f01e28f39a63c056e1c
                      • Opcode Fuzzy Hash: ca8ed66d334534281d261613d577ab165b8490c58799e91a0b749e31a8b8903d
                      • Instruction Fuzzy Hash: 59714072B1A75384EB148F64E8A087C76A9FB09784F644536D96D4ABFCDF3CE1648700
                      APIs
                      Strings
                      Similarity
                      • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                      • String ID: bad locale name
                      • API String ID: 2967684691-1405518554
                      • Opcode ID: 66edb30a6dfeee2680ee6c89157b69503e4bf244230b7eb6e4f5d53ee7052f28
                      • Instruction ID: 65948ec20b839ca1dcdcca602a8096dda44e75b91a74f32fe829b9ebef6790e5
                      • Opcode Fuzzy Hash: 66edb30a6dfeee2680ee6c89157b69503e4bf244230b7eb6e4f5d53ee7052f28
                      • Instruction Fuzzy Hash: 33518F22B0AB4289FB11CBA1D4607BD33A4EF84B88F184435DE9D2BAE9DF38D515C354
                      APIs
                      Strings
                      Similarity
                      • API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
                      • String ID: Negative precision.$Number is too big.
                      • API String ID: 3237623162-3993994484
                      • Opcode ID: 37132bcf24ecc0e7e2323566394ab3b0f24b108b6752cd909be6af9d9ac3697a
                      • Instruction ID: 5407f417c3b2aa9750005566f28a54a2bddeb4964b923d617265a3c3f898d229
                      • Opcode Fuzzy Hash: 37132bcf24ecc0e7e2323566394ab3b0f24b108b6752cd909be6af9d9ac3697a
                      • Instruction Fuzzy Hash: FB41C522A1D5C796D70ADB38D0318F86F20EFA6758F188A21E3D9058ABDE5DD195CB00
                      APIs
                      Strings
                      Similarity
                      • API ID: NameName::
                      • String ID: %lf
                      • API String ID: 1333004437-2891890143
                      • Opcode ID: 5f1d5fc30767cd1cb93d372c74b28e38d6c85c6f7125ac1e31084da6f02c8b25
                      • Instruction ID: 93eebc8b8fcae3e25c49160589e21d0b5016e60ac0738d2dd06a72238b382c12
                      • Opcode Fuzzy Hash: 5f1d5fc30767cd1cb93d372c74b28e38d6c85c6f7125ac1e31084da6f02c8b25
                      • Instruction Fuzzy Hash: 62319261B1EB8781E710DB21B8A08B97750FF55780F648132D9AE4BAF9DF2CE5418340
                      APIs
                      Strings
                      Similarity
                      • API ID: NameName::
                      • String ID: `template-parameter$void
                      • API String ID: 1333004437-4057429177
                      • Opcode ID: 5fa1d82887da1f90417ad8370551d763b546491fd96c281dd15cb1d32fb51d71
                      • Instruction ID: 63690a4888e8aa27902dc330bb4569e84851c316f227d67c2c97b00023fe9508
                      • Opcode Fuzzy Hash: 5fa1d82887da1f90417ad8370551d763b546491fd96c281dd15cb1d32fb51d71
                      • Instruction Fuzzy Hash: 03416D22B19B5798FB008B64E8A1AFC23B1FB08788F645136DE5D1BAADDF3C9545C340
                      APIs
                      Strings
                      Similarity
                      • API ID: ErrorLast__std_exception_copy
                      • String ID: BCryptOpenAlgorithmProvider$Microsoft Primitive Provider$RNG
                      • API String ID: 1471562160-2191745741
                      • Opcode ID: 40cf588d403c7587a3ea496d36200c32b721983c3f7a31492d57b60878080a41
                      • Instruction ID: 00814ff7175d66ac13ee28210adc3a9b2b4934ea5cc7fd933b5e30aaf1226bb6
                      • Opcode Fuzzy Hash: 40cf588d403c7587a3ea496d36200c32b721983c3f7a31492d57b60878080a41
                      • Instruction Fuzzy Hash: EB217C62B0AB4795EB109F24E8607A92371FB98784F548032D66C4B6B9EF3CE559CB40
                      APIs
                      Similarity
                      • API ID: AdjustPointer
                      • String ID:
                      • API String ID: 1740715915-0
                      • Opcode ID: e4495c097494c00d02c59e9485302c0d914f74382517764e806d5db3fca400f8
                      • Instruction ID: 57feccfdd985c83716ff3ada07e6989ab08fd3a1679e30c82ba2a53b9efb7fe1
                      • Opcode Fuzzy Hash: e4495c097494c00d02c59e9485302c0d914f74382517764e806d5db3fca400f8
                      • Instruction Fuzzy Hash: 15B1B222B0B64381EF659B15A9A4D3963A0EF44B84F398435DE6D0F7EDDE3CE4918740
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: 1932a0e649effde48a060eaf698a1baa9c863acae708b68475c5274fe8837a8c
                      • Instruction ID: e8ffc1eecb5a70cc0aa2b4d1366bde1053d577200083cb533645c23f3de8fe4b
                      • Opcode Fuzzy Hash: 1932a0e649effde48a060eaf698a1baa9c863acae708b68475c5274fe8837a8c
                      • Instruction Fuzzy Hash: 62619062B2674B54EF00DBB9D065BAD2361AF857A4F105731EA3C1ABEDDE28E181C300
                      APIs
                      Similarity
                      • API ID: Window$ForegroundText_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 4018886193-0
                      • Opcode ID: 9006d8dc82fbec5b89c071509fd411ae7e4f27a5b73f2cd900d7c8c2c9cb992f
                      • Instruction ID: d5293d198af52846575a7270d4378d974533055986c4bad2c567436695ec397e
                      • Opcode Fuzzy Hash: 9006d8dc82fbec5b89c071509fd411ae7e4f27a5b73f2cd900d7c8c2c9cb992f
                      • Instruction Fuzzy Hash: E851D622B1AB8285EB118B15E8507B97390FF89794F041335EAEE4ABE9DF3CD185C700
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1bbd6a9d7cf0cc4cae3a24be0a327fc45526a94b018f38557e009b1f26400f0
                      • Instruction ID: 83ddb1e5481d298b4573428274f1fe79c8ad703d4511aab928c8f1b7ccc35c55
                      • Opcode Fuzzy Hash: c1bbd6a9d7cf0cc4cae3a24be0a327fc45526a94b018f38557e009b1f26400f0
                      • Instruction Fuzzy Hash: BE31F722B15A8741EB119F21D464AFA6361FF49B98F495231EE7C1B7EADE3CD482C340
                      APIs
                      Similarity
                      • API ID: _set_statfp
                      • String ID:
                      • API String ID: 1156100317-0
                      • Opcode ID: 22890494fd7f04ecd1fedbe389889413259f55ccdbea4532dfbdae7fffce05e4
                      • Instruction ID: 6dd710664da73ba05e00cad5bd1eba1c55b418b692238f6586d3be7e5ee3a3c6
                      • Opcode Fuzzy Hash: 22890494fd7f04ecd1fedbe389889413259f55ccdbea4532dfbdae7fffce05e4
                      • Instruction Fuzzy Hash: 3011A362F5FA0345F7641129E576B792060AF5437CF050A75FB7E5EAFE8F1CA8419200
                      APIs
                      • FlsGetValue.KERNEL32(?,?,?,00007FFDFB6815D7,?,?,00000000,00007FFDFB681872,?,?,?,?,?,00007FFDFB6817FE), ref: 00007FFDFB68D7CF
                      • FlsSetValue.KERNEL32(?,?,?,00007FFDFB6815D7,?,?,00000000,00007FFDFB681872,?,?,?,?,?,00007FFDFB6817FE), ref: 00007FFDFB68D7EE
                      • FlsSetValue.KERNEL32(?,?,?,00007FFDFB6815D7,?,?,00000000,00007FFDFB681872,?,?,?,?,?,00007FFDFB6817FE), ref: 00007FFDFB68D816
                      • FlsSetValue.KERNEL32(?,?,?,00007FFDFB6815D7,?,?,00000000,00007FFDFB681872,?,?,?,?,?,00007FFDFB6817FE), ref: 00007FFDFB68D827
                      • FlsSetValue.KERNEL32(?,?,?,00007FFDFB6815D7,?,?,00000000,00007FFDFB681872,?,?,?,?,?,00007FFDFB6817FE), ref: 00007FFDFB68D838
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: 6ffa0fd223cdc60a1d5044abe53d23b57a5cf769f7cc5fb47aa2b229ec3b0a52
                      • Instruction ID: 524e67b4c3d7800e9d71c60225e02b64fcc584abdf6234bb7edc1be61e6bbb6d
                      • Opcode Fuzzy Hash: 6ffa0fd223cdc60a1d5044abe53d23b57a5cf769f7cc5fb47aa2b229ec3b0a52
                      • Instruction Fuzzy Hash: CF11AC30F0BA4341FB585729A6B1E7922415F597A0F04CB38E83E0E6FEEE2CF4458210
                      APIs
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: fd84dcb0da9b828b0143b848d5527da3232d566cac3672556988691972004ba1
                      • Instruction ID: b5fc76d9586322cdfc9fe0540db5a40981409cb80f4c8f83bca6a90fdc69ca38
                      • Opcode Fuzzy Hash: fd84dcb0da9b828b0143b848d5527da3232d566cac3672556988691972004ba1
                      • Instruction Fuzzy Hash: 9811F730F0BA0B41FB686A615871D7912414F59770F188B38E93E4E2FEEE2DF4854220
                      APIs
                      • __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FFDFB615B64
                        • Part of subcall function 00007FFDFB671D58: MultiByteToWideChar.KERNEL32 ref: 00007FFDFB671D74
                        • Part of subcall function 00007FFDFB671D58: GetLastError.KERNEL32 ref: 00007FFDFB671D82
                      Strings
                      Similarity
                      • API ID: ByteCharErrorLastMultiWide__std_fs_convert_narrow_to_wide
                      • String ID: 0123456789abcdefghijklmnopqrstuvwxyzfalse$\u{$\x{
                      • API String ID: 1033888727-417450547
                      • Opcode ID: 600f8c5e38a3a227dfb0753e05f02865ff0f66ba66c0d3f516bc62da4632c6a1
                      • Instruction ID: 6030ff8e515688d5ab5fd58e375d6c3a31e38979b76e5384d8ced9c595b957a0
                      • Opcode Fuzzy Hash: 600f8c5e38a3a227dfb0753e05f02865ff0f66ba66c0d3f516bc62da4632c6a1
                      • Instruction Fuzzy Hash: 1B024A66B09B8696DB148F25D5A067DB761F745F88F84A122CA6E0B3ACCF38D456C310
                      APIs
                      Strings
                      Similarity
                      • API ID: Xinvalid_argumentstd::_
                      • String ID: integral cannot be stored in char
                      • API String ID: 909987262-960316848
                      • Opcode ID: e6867bc29b0662b3660bd55507ca080d8d08974d18d90527c54bc957c70c5480
                      • Instruction ID: 8bc9a1b598700ffff4a60bacced79f7ad01f5f70e67c1e7985588c3c2d5fe27c
                      • Opcode Fuzzy Hash: e6867bc29b0662b3660bd55507ca080d8d08974d18d90527c54bc957c70c5480
                      • Instruction Fuzzy Hash: C4D1C262B0A78695EB10CB68D4606BC77A0FB85B88F545135DAAD0BBEEDF3CD581C700
                      APIs
                      Strings
                      Similarity
                      • API ID: Xinvalid_argumentstd::_
                      • String ID: integral cannot be stored in char
                      • API String ID: 909987262-960316848
                      • Opcode ID: 5f2082fbda001ebb86046b0df268792e6807ef49ed9e73cdc653ef22ef38ae49
                      • Instruction ID: af8fab48b8b649f101d1c39192c12a221f83ae317265f2cbdb5461951963d2e9
                      • Opcode Fuzzy Hash: 5f2082fbda001ebb86046b0df268792e6807ef49ed9e73cdc653ef22ef38ae49
                      • Instruction Fuzzy Hash: 0CD1C426B1979295EB10CB68E860BBC77A0FB85B84F545135DAAD0BAEDDF3CD481C700
                      Strings
                      Similarity
                      • API ID:
                      • String ID: integral cannot be stored in char
                      • API String ID: 0-960316848
                      • Opcode ID: c2a677df50b05010e2b4a0c9841cd777a318f41e0983222368247cc314e8153b
                      • Instruction ID: c950e06d4d656992b3c3728c2cae6417ac5b9ee23eede4296bc6a5731659ac7c
                      • Opcode Fuzzy Hash: c2a677df50b05010e2b4a0c9841cd777a318f41e0983222368247cc314e8153b
                      • Instruction Fuzzy Hash: 8DC1D462B1A78299EF10CB64D8606BC67B1FB45B88F545235DAAD0BAEDDF3CD481C700
                      Strings
                      Similarity
                      • API ID:
                      • String ID: integral cannot be stored in char
                      • API String ID: 0-960316848
                      • Opcode ID: d7174415323e914e7131937490a045c368a2fa3e7c91cfb0305bbd05efb87a38
                      • Instruction ID: 65433a0af4fc59673b6dcb8331ae6574f0b5a7c76b28e826f3e387fc17a522e5
                      • Opcode Fuzzy Hash: d7174415323e914e7131937490a045c368a2fa3e7c91cfb0305bbd05efb87a38
                      • Instruction Fuzzy Hash: 5CC1E226B1A78695EB10CB64D8607BC37A0FB45B88F54A135DAAD0BAEDDF3CD481C700
                      APIs
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo
                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                      • API String ID: 3215553584-1196891531
                      • Opcode ID: 1f3a326e150c2fd37ebec3bc520d08cb817ac0eabbdf0fb483047ddc6671a4cc
                      • Instruction ID: 9dd6ff6872c868493e161e604951617181c2ae0a30c2acfe17f8db966de08498
                      • Opcode Fuzzy Hash: 1f3a326e150c2fd37ebec3bc520d08cb817ac0eabbdf0fb483047ddc6671a4cc
                      • Instruction Fuzzy Hash: 9381A132F0A36385FB644F258274A7C36A4AB10B5CF558035CA2E9F2FDDB2DE9429701
                      APIs
                      Strings
                      Similarity
                      • API ID: CallEncodePointerTranslator
                      • String ID: MOC$RCC
                      • API String ID: 3544855599-2084237596
                      • Opcode ID: 36a8a76259774f742d89539f35d409902f11133b11db47f5bcfeedc7d99b474b
                      • Instruction ID: 6958682f888ee0377c467293e940149295292a9873a2d97754b7b059e892edee
                      • Opcode Fuzzy Hash: 36a8a76259774f742d89539f35d409902f11133b11db47f5bcfeedc7d99b474b
                      • Instruction Fuzzy Hash: D291A573B097828AE710CB65E8506BD7BA0FB44788F24413AEE5D5B7A9DF38D195C700
                      APIs
                      Strings
                      Similarity
                      • API ID: Xinvalid_argumentstd::_
                      • String ID: Negative width.$Number is too big.
                      • API String ID: 909987262-1861685508
                      • Opcode ID: 41ad5416036b68073ae6babc04dc5a0dd8555295887f4aa40b9356f9367038e1
                      • Instruction ID: b22709977c1a950843e666688a2cafb0e5e95288b89f932a5b08bb06c1702cac
                      • Opcode Fuzzy Hash: 41ad5416036b68073ae6babc04dc5a0dd8555295887f4aa40b9356f9367038e1
                      • Instruction Fuzzy Hash: 61615922B0968756DB11CB25E4208B9BB60FB95FD4F144631EAAC07BEADF3DE155CB00
                      APIs
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: gfffffff$gfffffff
                      • API String ID: 3668304517-161084747
                      • Opcode ID: 4ecc399b3934313f419e667ff764bf776fc97defff71ed675bfd88371db76f41
                      • Instruction ID: 4dd2c3c2a147a628ca034ce2a84dd5eeb10a0d135960fa5cb22e16bea4d2c407
                      • Opcode Fuzzy Hash: 4ecc399b3934313f419e667ff764bf776fc97defff71ed675bfd88371db76f41
                      • Instruction Fuzzy Hash: A151BD62706B8786DB10DB16F454AA96365FB84BC4F548636DEAD8F7E9EE38D041C300
                      APIs
                      Strings
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$Xtime_get_ticks
                      • String ID:
                      • API String ID: 451911210-3916222277
                      • Opcode ID: c21b7ff9d9a7e1174c00422539d89c8ccb050d8bf1aac37dd004a3f788143e39
                      • Instruction ID: 9037d7cdfcbe48c64915cfcc7271904b0ad37f08f5d604823e62f5d462d530bd
                      • Opcode Fuzzy Hash: c21b7ff9d9a7e1174c00422539d89c8ccb050d8bf1aac37dd004a3f788143e39
                      • Instruction Fuzzy Hash: F061EB12B19A8691EB115F68D4117ED6370FF98798F14A321EF9C1AAA9EF3CE181C700
                      APIs
                      Strings
                      Similarity
                      • API ID: CallEncodePointerTranslator
                      • String ID: MOC$RCC
                      • API String ID: 3544855599-2084237596
                      • Opcode ID: 23bef3fb5353da4fad35acc8dbed6ba2c9d1d842debb67157b9f511b3bd45864
                      • Instruction ID: 937f078e055e314b05f04757972ac07ac145121c139ffff6f96e668dbd31d08a
                      • Opcode Fuzzy Hash: 23bef3fb5353da4fad35acc8dbed6ba2c9d1d842debb67157b9f511b3bd45864
                      • Instruction Fuzzy Hash: FB617232A19BC681D7609F15F4507AAB7A0FB85794F144225EFAC0BBA9DF7CE190CB00
                      APIs
                      Strings
                      Similarity
                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                      • String ID: csm$csm
                      • API String ID: 3896166516-3733052814
                      • Opcode ID: c747af2a0075ee68bd3537ed31092605a38708b56eeca8f88ed36e10b8a976c1
                      • Instruction ID: 35133f2a695ec724706d0312fffab2b8adaee7e0f3e71c0f70391693fd0ba5f5
                      • Opcode Fuzzy Hash: c747af2a0075ee68bd3537ed31092605a38708b56eeca8f88ed36e10b8a976c1
                      • Instruction Fuzzy Hash: 05518132B0A2438AEB648B21E464B7877A0EB55B94F244135DFAD4B7E9CF3CE450C701
                      APIs
                      Strings
                      Similarity
                      • API ID: Cpp_errorThrow_std::_$CurrentThreadXtime_get_ticks
                      • String ID: @
                      • API String ID: 2795077170-2766056989
                      • Opcode ID: 195a1873deb29b87ee9136e35f71d2032e2cb5501949aa9a92f87f415d62e663
                      • Instruction ID: 894f4c36b65c1051f1c93e88652da9a5db90512e3f47d28b2cc92e84ef659f8c
                      • Opcode Fuzzy Hash: 195a1873deb29b87ee9136e35f71d2032e2cb5501949aa9a92f87f415d62e663
                      • Instruction Fuzzy Hash: A6517D32705B5686E760DF21E894AAD33A8FB48F84F115136EE9D4B7A8DF38D451C740
                      APIs
                      Strings
                      Similarity
                      • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                      • String ID: bad locale name
                      • API String ID: 2775327233-1405518554
                      • Opcode ID: 8d30b1df8b94b12dc024a5a0ac60f14addbb8524a45646297aecf5b3b8afaa37
                      • Instruction ID: 870ea12b39d33f904c64b63505958023f6d295008aec2febc2b689e26e8d8865
                      • Opcode Fuzzy Hash: 8d30b1df8b94b12dc024a5a0ac60f14addbb8524a45646297aecf5b3b8afaa37
                      • Instruction Fuzzy Hash: 6E413E22B1BB4289EB14DF61D460BAD33B4EF48788F084835DA9D1BAE9DE38D515C358
                      APIs
                      Strings
                      Similarity
                      • API ID: Xinvalid_argumentstd::_
                      • String ID: Negative precision.$Number is too big.
                      • API String ID: 909987262-3993994484
                      • Opcode ID: 54c34f4669703bcaefd856588aa82b56210f0b7ace2bca84256ac07204bcaff1
                      • Instruction ID: b8f79279069b7040527711e733854fd793cfab93d5c8f21d98c0908e33f06b8b
                      • Opcode Fuzzy Hash: 54c34f4669703bcaefd856588aa82b56210f0b7ace2bca84256ac07204bcaff1
                      • Instruction Fuzzy Hash: A541E722A0D5C756D70B9B3890318BC6F20EF92B58F188A32E3EC054EBDE5DE155CB00
                      Strings
                      Similarity
                      • API ID:
                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                      • API String ID: 0-1866435925
                      • Opcode ID: 7d7e8ad66599315971daec2c00bb057c3fe767c8753ffd9703484130ad15e33c
                      • Instruction ID: d12b6507cfff88e786281d35825180a389c318c5caa9a6575ce44f63c631dfe9
                      • Opcode Fuzzy Hash: 7d7e8ad66599315971daec2c00bb057c3fe767c8753ffd9703484130ad15e33c
                      • Instruction Fuzzy Hash: BD11E9A1B1A78381EF109B06E8617A92360FF417D0F984231D6BD0B6F9DE2CE451C700
                      APIs
                      Similarity
                      • API ID: FileWrite$ConsoleErrorLastOutput
                      • String ID:
                      • API String ID: 2718003287-0
                      • Opcode ID: 871e8e0e734bd24f9801e2c8e753ca76dd52d711e65741cfa1abfb4eb8c936ed
                      • Instruction ID: 6c5da883b8ebcfd5892fde4ee5de7633ba7e90d4a2a94119ab2677ec2f90b191
                      • Opcode Fuzzy Hash: 871e8e0e734bd24f9801e2c8e753ca76dd52d711e65741cfa1abfb4eb8c936ed
                      • Instruction Fuzzy Hash: E7D1D332B19A8289EB10CF69D4506AC77B1FB4479CB144235DEAE9BBEDDE38D456C300
                      APIs
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn$closesocketshutdown
                      • String ID:
                      • API String ID: 3017505983-0
                      • Opcode ID: 10f222b22e7fdd1e8eea42a9b70bfeaf676b0102919b9b0aaa0ce0d9157a2cd3
                      • Instruction ID: 51534d0082b5f7b3ff8c188f8bd909381a5c08a7a1718401342ef3e4c6b9ba5a
                      • Opcode Fuzzy Hash: 10f222b22e7fdd1e8eea42a9b70bfeaf676b0102919b9b0aaa0ce0d9157a2cd3
                      • Instruction Fuzzy Hash: FA813932716B4696EF04CF25D5A466C63A5FB44F94F584236DB6D0BBE8CF28D8A5C300
                      APIs
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 73155330-0
                      • Opcode ID: 5ba8a64dbd2fc9a8eb25e518c573148cf832c66a70eb16aa0357319caa12a144
                      • Instruction ID: 1b6d3630618d679a5f0a66c6b885f1e6de7e7ac0792eff64b8ee43bce5f23cfb
                      • Opcode Fuzzy Hash: 5ba8a64dbd2fc9a8eb25e518c573148cf832c66a70eb16aa0357319caa12a144
                      • Instruction Fuzzy Hash: 0A71C362B0AB82A1EB10DF52A4146A9A361EB44FD0F545635EFBD0BBEDDE7CE041C300
                      APIs
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 73155330-0
                      • Opcode ID: cc5d8abde5245907724bb1010d0145cfa1f0e9695b44a2940da75b7b10b81883
                      • Instruction ID: b257acfc758857b41588c342521f7afa301fee2e7db809f8e42b8ec370c909b1
                      • Opcode Fuzzy Hash: cc5d8abde5245907724bb1010d0145cfa1f0e9695b44a2940da75b7b10b81883
                      • Instruction Fuzzy Hash: 41611662B0A61742EE18CB56B46597DA664BB49FD0F204531EEAD4FBEDDE3CE0528300
                      APIs
                      Similarity
                      • API ID: Name::operator+
                      • String ID:
                      • API String ID: 2943138195-0
                      • Opcode ID: 6e9f3a07831671e1aea90c838fb8728c73ca1fb0816a0b0053923022409c3161
                      • Instruction ID: b528d2948c280218fbdf14ce3783ab2963c6f6a7b6c21cb522531c7cc49f15f0
                      • Opcode Fuzzy Hash: 6e9f3a07831671e1aea90c838fb8728c73ca1fb0816a0b0053923022409c3161
                      • Instruction Fuzzy Hash: 33914D62F1975389FB118B64E8A0BBC37A1FB04758F644036CA6D6AAEDDF7C9845C340
                      APIs
                      Similarity
                      • API ID: Xtime_get_ticks$_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3527862911-0
                      • Opcode ID: 16576136cc2c9894c8836054e0beacd96a2776bbb70d8277da7ca53b87d78e6e
                      • Instruction ID: 5bcf8f7aad9b9ccb25a49a24c75a54fc0cd9b9abcf73ebe3b8c472e38fb43c66
                      • Opcode Fuzzy Hash: 16576136cc2c9894c8836054e0beacd96a2776bbb70d8277da7ca53b87d78e6e
                      • Instruction Fuzzy Hash: F971E162F0AB8685EB509B25E0247A86791EB45BC8F4C5136DEAD0B7EEDF2CD4C0C740
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: c25d0af81b6592d5a00343be3ed5601dd8b919c601cb9b02499ad255e8620942
                      • Instruction ID: 8c3fc1aed1745939a6a0608765308de0f19a442d6eccd50842c6ab440336f0c9
                      • Opcode Fuzzy Hash: c25d0af81b6592d5a00343be3ed5601dd8b919c601cb9b02499ad255e8620942
                      • Instruction Fuzzy Hash: DA51D162B1BA8741FF509B25E46577D2261EF84B98F604231EB7D0E7EEDE2CD4818340
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3668304517-0
                      • Opcode ID: 6bb4de0c883f7c80c70e5d8559131f3eeb775df318d196c6c02f4955b1ad73d7
                      • Instruction ID: 336ddd71964f1bbe3ce857a94b004117da9fe7cbbcfa190be19929e36a11cb22
                      • Opcode Fuzzy Hash: 6bb4de0c883f7c80c70e5d8559131f3eeb775df318d196c6c02f4955b1ad73d7
                      • Instruction Fuzzy Hash: FD31D062B2B64741EE1497A9D065B7D52519F86BF0F605731EABC0BBEDCD2CE0C28604
                      APIs
                      • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFDFB61A120
                      • std::_Throw_Cpp_error.LIBCPMT ref: 00007FFDFB61A131
                      • std::_Throw_Cpp_error.LIBCPMT ref: 00007FFDFB61A13C
                      • std::_Throw_Cpp_error.LIBCPMT ref: 00007FFDFB61A147
                        • Part of subcall function 00007FFDFB672BB0: WaitForSingleObjectEx.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFDFB604888), ref: 00007FFDFB672BC9
                        • Part of subcall function 00007FFDFB672BB0: GetExitCodeThread.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFDFB604888), ref: 00007FFDFB672BE1
                        • Part of subcall function 00007FFDFB672BB0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFDFB604888), ref: 00007FFDFB672BF4
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Cpp_errorThrow_std::_$CloseCodeExitHandleObjectSingleThreadWait_invalid_parameter_noinfo_noreturn
                      • String ID:
                      • API String ID: 3093482091-0
                      • Opcode ID: c9c18fc61d57ce2cda7b2cd9fe7d560f6ce8a36f7f261c456a7dc2e4d3beed03
                      • Instruction ID: abe25acb5da510039a1494860214777b7916aea4990a1b056ac942d4b89f58e0
                      • Opcode Fuzzy Hash: c9c18fc61d57ce2cda7b2cd9fe7d560f6ce8a36f7f261c456a7dc2e4d3beed03
                      • Instruction Fuzzy Hash: EC418022B05687A1E7089B60D5616FD6321FF85B84F644537D77C0BAEADF38E4A18350
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Name::operator+
                      • String ID:
                      • API String ID: 2943138195-0
                      • Opcode ID: 52e34d07d1d64f6b918862b2a4fea473303bed1bf64aee88a2adafc472effd6a
                      • Instruction ID: e3bae499890de79e71cf42035f56202bc5a2b2ece020009c6bfeec17e129e414
                      • Opcode Fuzzy Hash: 52e34d07d1d64f6b918862b2a4fea473303bed1bf64aee88a2adafc472effd6a
                      • Instruction Fuzzy Hash: F7415972B05B8299FB01CF64E4907AC37A4FB48B48F688436DA5C5BBA9DF7C9485C350
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Lockitstd::_$Lockit::_Lockit::~_
                      • String ID:
                      • API String ID: 593203224-0
                      • Opcode ID: 1a086962bd192dee9b14e2abb29d4f75b9ea7c65e3e23d5e2a924a41609a28de
                      • Instruction ID: 86c2f2636705f87523a3ac284eadccfec99f4da64b5d37e33edc7230ec2b917d
                      • Opcode Fuzzy Hash: 1a086962bd192dee9b14e2abb29d4f75b9ea7c65e3e23d5e2a924a41609a28de
                      • Instruction Fuzzy Hash: 75316326B0AA4395EB159B17E8609796361EB55BE0F1C0132EABD4B2FDDE3CE4418300
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Lockitstd::_$Lockit::_Lockit::~_
                      • String ID:
                      • API String ID: 593203224-0
                      • Opcode ID: 3baf67bcb006a791685544cc6105ede1521384eac61bbc52dffd4743f706dec8
                      • Instruction ID: 97b2e714b1a9427baa24bd8ab05536e0b220f83650c1953119945891637d5c78
                      • Opcode Fuzzy Hash: 3baf67bcb006a791685544cc6105ede1521384eac61bbc52dffd4743f706dec8
                      • Instruction Fuzzy Hash: B7316026B0AA43A4FB159B16E8609796365EB44BE4F1C1136DA6D4B2FDDF7CE482C300
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Lockitstd::_$Lockit::_Lockit::~_
                      • String ID:
                      • API String ID: 593203224-0
                      • Opcode ID: ce68af185c8b7a6973a6c4f1c711b23fcd277bd79e053946be4c9d7da4b2bcf2
                      • Instruction ID: e01e4fbb4eeeb99661835800797c6e8b8b21316e07c4cc16fe4dd37a8d82874d
                      • Opcode Fuzzy Hash: ce68af185c8b7a6973a6c4f1c711b23fcd277bd79e053946be4c9d7da4b2bcf2
                      • Instruction Fuzzy Hash: F0314026B0BA4395EB159B56E8609796361EB55BE0F1C0232EAAD4B2FDDF3CE4418300
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ByteCharErrorLastMultiWide
                      • String ID:
                      • API String ID: 203985260-0
                      • Opcode ID: 411036746c51ba7d793bb4093a9a88fdddd8d4a9e53d5b8c8ca7a3a35368e9d4
                      • Instruction ID: a82e9da17d608e8e145d423bf704b6fc5f88acb6d8cc13aeaffc9a8b11ae4ce3
                      • Opcode Fuzzy Hash: 411036746c51ba7d793bb4093a9a88fdddd8d4a9e53d5b8c8ca7a3a35368e9d4
                      • Instruction Fuzzy Hash: 6B216F72A19B8687E7108F15E81472E7AB4F799FC4F240135DB995BBA8DF3CD8118B40
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                      • String ID:
                      • API String ID: 2933794660-0
                      • Opcode ID: 0f9ab75aa38afcf0928a59117dd58452adf1d26a1421da5aed2cc2134a8349f8
                      • Instruction ID: 2e0e71e1d972eccb14ba32a22226dbcda69202e8b51ed27b22c6e24eac95a676
                      • Opcode Fuzzy Hash: 0f9ab75aa38afcf0928a59117dd58452adf1d26a1421da5aed2cc2134a8349f8
                      • Instruction Fuzzy Hash: AA112A26B16F068AEB00CF64E8646B933A4FB19B58F441E31DA7D4A7A8EF78D5548340
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ErrorFileHandleInformationLast
                      • String ID:
                      • API String ID: 275135790-0
                      • Opcode ID: f97466e94353536a6acd8b06175c5b240771bb43d0827803c05d56c41f5a32cb
                      • Instruction ID: 9e05a4e4d96977a885185e286823783da39f76cce769bfaa35fdb216c8874a1f
                      • Opcode Fuzzy Hash: f97466e94353536a6acd8b06175c5b240771bb43d0827803c05d56c41f5a32cb
                      • Instruction Fuzzy Hash: 2EF0A931B0A14786FB688B65F878E742A94EF55745F200036C5365E6FCDF2DE984CB01
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Unwind__except_validate_context_record
                      • String ID: csm
                      • API String ID: 2208346422-1018135373
                      • Opcode ID: 277ff307536f53072492cced06606450f332c44b4caae9588e36d5f45ef30728
                      • Instruction ID: df0f407917daa8025ca7206bee4abd505c52ee91d329d33b36aa9ed8d43f9cb5
                      • Opcode Fuzzy Hash: 277ff307536f53072492cced06606450f332c44b4caae9588e36d5f45ef30728
                      • Instruction Fuzzy Hash: 4E519132B1A6438AEB548B15E464E7C7395EB44B94F248171DA6A4B7ECEF7CE841C700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                      • String ID: gfffffff
                      • API String ID: 73155330-1523873471
                      • Opcode ID: f2734bea1ca1bb53f34bd4cc9b6d5adbb261892d50dbf8ee713ad70a092c50c4
                      • Instruction ID: dca372bcc557d5974a963c5a92e57fabf143f3223d0ea7695ec63e8cce9e3eeb
                      • Opcode Fuzzy Hash: f2734bea1ca1bb53f34bd4cc9b6d5adbb261892d50dbf8ee713ad70a092c50c4
                      • Instruction Fuzzy Hash: 355145A2B06B8B52DF109B16F4649AA6351FB44BD0F008131DEAD0B7ECEE3CE061C300
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: CreateFrameInfo__except_validate_context_record
                      • String ID: csm
                      • API String ID: 2558813199-1018135373
                      • Opcode ID: 35f2f6631f661e25bf168d1e06bd1ddfb4c2764b66f5d9b7923734af33c3a1a7
                      • Instruction ID: 846e9db24fd7954645232559be714c57b4e935507f3c18441c6e562ff46783fe
                      • Opcode Fuzzy Hash: 35f2f6631f661e25bf168d1e06bd1ddfb4c2764b66f5d9b7923734af33c3a1a7
                      • Instruction Fuzzy Hash: 5351443671AB8286D720DB16F49066D77A4FB88791F240535DB9D4BBA9CF3CE450CB00
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: ErrorFileLastWrite
                      • String ID: U
                      • API String ID: 442123175-4171548499
                      • Opcode ID: 0f7cbb41df57a49f32bccc3daded4653a6443461b2f368db5ffe67049796f5c2
                      • Instruction ID: af2931f92269558b456891640e81fb646468df37916edbeb0a8ea787a89876d7
                      • Opcode Fuzzy Hash: 0f7cbb41df57a49f32bccc3daded4653a6443461b2f368db5ffe67049796f5c2
                      • Instruction Fuzzy Hash: 4541D672B1AA4685DB208F25E4647B977A4FB98B88F504031EE5D8B7ACDF3CE441C740
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: F$IteratedHashBase: input data exceeds maximum allowed by hash function
                      • API String ID: 3668304517-3216730400
                      • Opcode ID: 32c33d260c37e64dc73d9b5ab5a376c517084c3358e7ccd0d11bf70ce5bec24e
                      • Instruction ID: b8065283ff316d95664ef71fa0d7d494c353406113c16f2cb88a6555ae929b65
                      • Opcode Fuzzy Hash: 32c33d260c37e64dc73d9b5ab5a376c517084c3358e7ccd0d11bf70ce5bec24e
                      • Instruction Fuzzy Hash: AC316072B1AB4682DB048B65E4907696360FB89BA4F508235E6BC477F9DF3CD495C700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      • Associated: 00000003.00000002.4201856979.00007FFDFB600000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4201994534.00007FFDFB6A6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202059861.00007FFDFB6FF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202079121.00007FFDFB700000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202105678.00007FFDFB703000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB707000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000003.00000002.4202137562.00007FFDFB710000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                      • String ID: ios_base::failbit set
                      • API String ID: 1109970293-3924258884
                      • Opcode ID: 30dff207384f2997515af8d6b7496ddcf980a88d1570d86910d1a00fbabe703c
                      • Instruction ID: f6f25646a4e8af22798b4a0943213c22047406b38ead63a8b006e8efe014346d
                      • Opcode Fuzzy Hash: 30dff207384f2997515af8d6b7496ddcf980a88d1570d86910d1a00fbabe703c
                      • Instruction Fuzzy Hash: F5210A52F19B8681EB009B25E4515BA6360FF997A4F149331EAFC067E9DF3CE081C700
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: _invalid_parameter_noinfo_noreturn
                      • String ID: /$: this object doesn't support multiple channels
                      • API String ID: 3668304517-537585387
                      • Opcode ID: a1e7349bea60cfab25958c017f2b87710fe5c282bd1c4abafc0bd82fdfbd44cb
                      • Instruction ID: 854d9be1bb833cdaf5b09c61222ab8daa719bd00e15ca7c57348a69da243fe03
                      • Opcode Fuzzy Hash: a1e7349bea60cfab25958c017f2b87710fe5c282bd1c4abafc0bd82fdfbd44cb
                      • Instruction Fuzzy Hash: FA319472B1AB8681DF049B25E4647A963A1FB49B94F548231EABC4B7F9DE7CD081C700
                      Memory Dump Source
                      • Source File: 00000003.00000002.4201892957.00007FFDFB601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB600000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffdfb600000_rundll32.jbxd
                      Similarity
                      • API ID: Name::operator+
                      • String ID: void$void
                      • API String ID: 2943138195-3746155364
                      • Opcode ID: 9362244e077270b9b6bf6d449bd281f5126a948d53faee9069d263a9839acad9
                      • Instruction ID: cb8ab7de74ef9b8b43406f726fdfe243d8fd18a2bb2b1bc4b5347e5d2254642b
                      • Opcode Fuzzy Hash: 9362244e077270b9b6bf6d449bd281f5126a948d53faee9069d263a9839acad9
                      • Instruction Fuzzy Hash: 13314772F29B5698FB00DBA4E8A04EC37B0FB48748B640136DE6D5ABA9DF3C9154C750