Windows Analysis Report
installer.msi

Overview

General Information

Sample name: installer.msi
Analysis ID: 1579559
MD5: 3522cfaf23ee87120655653c063ac7c5
SHA1: d16f1d044440492f04aca577d1abf2b8432da203
SHA256: 09fda391ec787161ec5e93dd62356db4fa6af2024eb7b7a8db2ca14cace15339
Tags: cubermo-com, LegionLoader, msi, RobotDropper, user-aachum
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Suricata IDS alerts for network traffic
AI detected suspicious sample
Bypasses PowerShell execution policy
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Msiexec Initiated Connection
Sigma detected: Suspicious MsiExec Embedding Parent
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 7508 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\installer.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7544 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7660 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 2FCF318A48C04D173E905E14D419EF7A MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 7900 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 7908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8184 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\suriqk.bat" "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ImporterREDServer.exe (PID: 3004 cmdline: "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe" MD5: F67792E08586EA936EBCAE43AAB0388D)
        • conhost.exe (PID: 1344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • createdump.exe (PID: 7176 cmdline: "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe" MD5: 71F796B486C7FAF25B9B16233A7CE0CD)
      • conhost.exe (PID: 7268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 2FCF318A48C04D173E905E14D419EF7A, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7660, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7900, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 2FCF318A48C04D173E905E14D419EF7A, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7660, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7900, ProcessName: powershell.exe
Source: Process startedAuthor: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 2FCF318A48C04D173E905E14D419EF7A, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7660, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7900, ProcessName: powershell.exe
Source: Network Connection, Author: frack113, Data: DestinationIp: 172.67.164.25, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 7660, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 2FCF318A48C04D173E905E14D419EF7A, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7660, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7900, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T00:30:23.022874+0100 | 2829202 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 172.67.164.25 | 443 | TCP

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 91.2% probability
Source: C:\Windows\System32\msiexec.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E757B23-2B94-40A2-8917-C3140ED7AA7F}
Source: unknown, HTTPS traffic detected: 172.67.164.25:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe, Code function: 12_2_00007FFE013FA330 FindFirstFileExW, FindClose, wcscpy_s, _invalid_parameter_noinfo_noreturn, 12_2_00007FFE013FA330

Networking

Source: Network traffic, Suricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.4:49730 -> 172.67.164.25:443
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: cubermo.com
Source: unknown, HTTP traffic detected:
  POST /updater.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded; charset=utf-8
  User-Agent: AdvancedInstaller
  Host: cubermo.com
  Content-Length: 71
  Cache-Control: no-cache
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownHTTPS traffic detected: 172.67.164.25:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\54dfe7.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEAF3.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEBCF.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC3E.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIECCB.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIED2A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIED69.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEDB9.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB25.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{6E757B23-2B94-40A2-8917-C3140ED7AA7F}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI177A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI178B.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\54dfea.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\54dfea.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIEAF3.tmpJump to behavior
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe; Code function: String function: 000000014000BC30 appears 53 times
Source: api-ms-win-core-handle-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr; Static PE information: No import functions for PE file found
Source: installer.msi; Binary or memory string: OriginalFilenameAICustAct.dllF vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenameDataUploader.dllF vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenameucrtbase.dllj% vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenamevcruntime140.dllT vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenamemsvcp140.dllT vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs installer.msi
Source: installer.msi; Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs installer.msi
Source: classification engine; Classification label: mal64.evad.winMSI@17/91@1/1
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe; Code function: 12_2_0000000140010BE0 GetLastError,FormatMessageA
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe; Code function: 12_2_00007FFE013FA7B0 GetDiskFreeSpaceExW,_invalid_parameter_noinfo_noreturn
Source: C:\Windows\System32\msiexec.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\CML2443.tmp
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7188:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Mutant created: NULL
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7268:120:WilError_03
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1344:120:WilError_03
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7908:120:WilError_03
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\TEMP\~DF077F6DAD49D04D6C.TMP
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\suriqk.bat" "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe""
Source: C:\Windows\SysWOW64\msiexec.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload
Source: unknown; Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\installer.msi"
Source: unknown; Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2FCF318A48C04D173E905E14D419EF7A
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\suriqk.bat" "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe""
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe"
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe; Process created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe"
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E757B23-2B94-40A2-8917-C3140ED7AA7F}Jump to behavior
Source: installer.msiStatic file information: File size 60281856 > 1048576
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: installer.msi, MSIB25.tmp.1.dr, 54dfea.msi.1.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000009.00000000.1932339173.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: D:\releases\dva\shared\adobe\MediaCore\Importers\ImporterREDServer\Targets\Win\Release\64\ImporterREDServer.pdb2+' source: ImporterREDServer.exe, 0000000C.00000000.1940079474.0000000140013000.00000002.00000001.01000000.00000007.sdmp, ImporterREDServer.exe, 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp, ImporterREDServer.exe.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: ucrtbase.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: installer.msi, MSIB25.tmp.1.dr, 54dfea.msi.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source: Binary string: D:\releases\dva\shared\adobe\dvacore\lib\win\release\64\dvacore.pdb source: ImporterREDServer.exe, 0000000C.00000002.1943304656.00000001802BD000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ImporterREDServer.exe, 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: D:\releases\dva\shared\adobe\MediaCore\Importers\ImporterREDServer\Targets\Win\Release\64\ImporterREDServer.pdb source: ImporterREDServer.exe, 0000000C.00000000.1940079474.0000000140013000.00000002.00000001.01000000.00000007.sdmp, ImporterREDServer.exe, 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp, ImporterREDServer.exe.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000009.00000000.1932339173.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: ImporterREDServer.exe, 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: ucrtbase.pdbUGP source: installer.msi, 54dfea.msi.1.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: installer.msi, MSIEDB9.tmp.1.dr, 54dfea.msi.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: installer.msi, 54dfea.msi.1.dr
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr Static PE information: 0x8A188CB0 [Tue Jun 2 13:31:28 2043 UTC]
Source: vcruntime140.dll.1.dr Static PE information: section name: _RDATA
Source: UnRar.exe.1.dr Static PE information: section name: _RDATA
Source: BCUninstaller.exe.1.dr Static PE information: section name: _RDATA
Source: createdump.exe.1.dr Static PE information: section name: _RDATA
Source: MSI178B.tmp.1.dr Static PE information: section name: .fptable
Source: MSIEAF3.tmp.1.dr Static PE information: section name: .fptable
Source: MSIEBCF.tmp.1.dr Static PE information: section name: .fptable
Source: MSIEC3E.tmp.1.dr Static PE information: section name: .fptable
Source: MSIECCB.tmp.1.dr Static PE information: section name: .fptable
Source: MSIED2A.tmp.1.dr Static PE information: section name: .fptable
Source: MSIED69.tmp.1.dr Static PE information: section name: .fptable
Source: MSIEDB9.tmp.1.dr Static PE information: section name: .fptable
Source: MSIB25.tmp.1.dr Static PE information: section name: .fptable
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_04942F5A push esp; ret 4_2_04942F79
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_0494BDA2 push esp; ret 4_2_0494BDB3
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\dvaunittesting.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\utest.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIECCB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_regex.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l2-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\BCUninstaller.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_program_options.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-string-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-console-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l1-2-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_threads.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_date_time.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEBCF.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\UnRar.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIED2A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI178B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-console-l1-2-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\vcruntime140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_filesystem.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEC3E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\dvacore.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_system.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-util-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\vcruntime140_1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB25.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIED69.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEAF3.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEDB9.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exeCode function: 12_2_00007FFE0142C0C0 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,12_2_00007FFE0142C0C0
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4568Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 875Jump to behavior
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started:
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-console-l1-2-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-sysinfo-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-conio-l1-1-0.dll
  • C:\Windows\Installer\MSIECCB.tmp
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_regex.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l2-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\BCUninstaller.exe
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-environment-l1-1-0.dll
  • C:\Windows\Installer\MSIEC3E.tmp
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_program_options.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-synch-l1-2-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-localization-l1-2-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-memory-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-namedpipe-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-handle-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-util-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-string-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-filesystem-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-rtlsupport-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-heap-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-interlocked-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processenvironment-l1-1-0.dll
  • C:\Windows\Installer\MSIB25.tmp
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-debug-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-convert-l1-1-0.dll
  • C:\Windows\Installer\MSIED69.tmp
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-timezone-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l1-2-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-console-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processthreads-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-synch-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-errorhandling-l1-1-0.dll
  • C:\Windows\Installer\MSIEBCF.tmp
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\UnRar.exe
  • C:\Windows\Installer\MSIEAF3.tmp
  • C:\Windows\Installer\MSIED2A.tmp
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processthreads-l1-1-1.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-profile-l1-1-0.dll
  • C:\Windows\Installer\MSI178B.tmp
  • C:\Windows\Installer\MSIEDB9.tmp
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-datetime-l1-1-0.dll
  • C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe API coverage: 8.2 %
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7984 Thread sleep count: 4568 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7988 Thread sleep count: 875 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8028 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8004 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe Code function: 12_2_00007FFE013FA330 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,12_2_00007FFE013FA330
Source: 54dfea.msi.1.dr Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe Code function: 9_2_00007FF63D9A2ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF63D9A2ECC
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\suriqk.bat" "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe""
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe Code function: 9_2_00007FF63D9A3074 SetUnhandledExceptionFilter,9_2_00007FF63D9A3074
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe Code function: 9_2_00007FF63D9A2984 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF63D9A2984
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe Code function: 12_2_0000000140011004 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_0000000140011004
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe Code function: 12_2_0000000140011D78 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0000000140011D78
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe Code function: 12_2_0000000140011F24 SetUnhandledExceptionFilter,12_2_0000000140011F24
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe Code function: 12_2_00007FFE01442CDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FFE01442CDC
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe Code function: 12_2_00007FFE1A46004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FFE1A46004C

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss18ae.ps1" -propfile "c:\users\user\appdata\local\temp\msi189b.txt" -scriptfile "c:\users\user\appdata\local\temp\scr189c.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr189d.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe Code function: ___lc_locale_name_func,GetLocaleInfoEx,12_2_00007FFE0141EFC0
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe Code function: 9_2_00007FF63D9A2DA0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,9_2_00007FF63D9A2DA0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | 1 Replication Through Removable Media | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 21 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 PowerShell | 1 Scripting | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 11 Peripheral Device Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 24 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph: ID 1579559, Sample: installer.msi, Start date: 23/12/2024, Architecture: WINDOWS, Score: 64]

Source | Detection | Scanner | Label | Link
installer.msi | 3% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\BCUninstaller.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\UnRar.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-console-l1-2-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_date_time.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_filesystem.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_program_options.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_regex.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_system.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_threads.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\dvacore.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\dvaunittesting.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\msvcp140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\utest.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\vcruntime140_1.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI178B.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIB25.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIEAF3.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIEBCF.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIEC3E.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIECCB.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIED2A.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIED69.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIEDB9.tmp | 0% | ReversingLabs | |

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
cubermo.com | 172.67.164.25 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://cubermo.com/updater.php | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://nuget.org/NuGet.exe | powershell.exe, 00000004.00000002.1881158632.0000000005A7D000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000004.00000002.1873207592.0000000004B66000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aka.ms/pscore6lB | powershell.exe, 00000004.00000002.1873207592.0000000004A11000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000004.00000002.1873207592.0000000004B66000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://go.micro | powershell.exe, 00000004.00000002.1873207592.00000000050D0000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/ | powershell.exe, 00000004.00000002.1881158632.0000000005A7D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://nuget.org/nuget.exe | powershell.exe, 00000004.00000002.1881158632.0000000005A7D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/License | powershell.exe, 00000004.00000002.1881158632.0000000005A7D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/Icon | powershell.exe, 00000004.00000002.1881158632.0000000005A7D000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.mick | installer.msi, 54dfea.msi.1.dr | false | | unknown
http://xml.org/sax/features/external-general-entitieshttp://xml.org/sax/features/external-parameter- | ImporterREDServer.exe, 0000000C.00000002.1943304656.00000001802BD000.00000002.00000001.01000000.00000008.sdmp | false | | unknown
https://aka.ms/winui2/webview2download/Reload(): | installer.msi, 54dfea.msi.1.dr | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000004.00000002.1873207592.0000000004A11000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://cubermo.com/updater.phpx | installer.msi, 54dfea.msi.1.dr | false | | unknown
https://github.com/Pester/Pester | powershell.exe, 00000004.00000002.1873207592.0000000004B66000.00000004.00000800.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.164.25 | cubermo.com | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579559
Start date and time:2024-12-23 00:29:14 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 52s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:15
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:installer.msi
Detection:MAL
Classification:mal64.evad.winMSI@17/91@1/1
EGA Information:
• Successful, ratio: 33.3%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 14
• Number of non-executed functions: 197
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target ImporterREDServer.exe, PID 3004 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 7900 because it is empty
• Not all processes where analyzed, report is missing behavior information
Time | Type | Description
18:30:24 | API Interceptor | 5x Sleep call for process: powershell.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.164.25 | file.exe | malicious | RedLine, SmokeLoader | sqribble.com/admin
Match | Associated Sample Name / URL | Detection | Threat Name | Context
cubermo.com | setup.msi | malicious | Unknown | 172.67.164.25
cubermo.com | Setup.msi | malicious | Unknown | 172.67.164.25
cubermo.com | q9bzWO2X1r.msi | malicious | Unknown | 172.67.164.25
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | external.exe | malicious | LummaC | 104.21.19.35
CLOUDFLARENETUS | Loader.exe | malicious | RHADAMANTHYS | 172.64.41.3
CLOUDFLARENETUS | Launcher.exe | malicious | LummaC | 104.21.66.86
CLOUDFLARENETUS | Setup.exe | malicious | LummaC | 172.67.151.193
CLOUDFLARENETUS | Setup.exe | malicious | LummaC | 172.67.191.144
CLOUDFLARENETUS | Full_Ver_Setup.exe | malicious | LummaC | 104.21.63.229
CLOUDFLARENETUS | loligang.sh4.elf | malicious | Mirai | 162.158.254.178
CLOUDFLARENETUS | winwidgetshp.mp4.hta | malicious | LummaC | 104.21.18.182
CLOUDFLARENETUS | https://cpanel05wh.bkk1.cloud.z.com/~cp197720/open/DD/ | malicious | HTMLPhisher | 104.21.234.144
CLOUDFLARENETUS | nshkppc.elf | malicious | Mirai | 104.24.135.181
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | GoldenContinent.exe | malicious | Vidar | 172.67.164.25
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 172.67.164.25
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 172.67.164.25
37f463bf4616ecd445d4a1937da06e19 | LightSpoofer.exe | malicious | Unknown | 172.67.164.25
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 172.67.164.25
37f463bf4616ecd445d4a1937da06e19 | Rechnung736258.pdf.lnk | malicious | LummaC | 172.67.164.25
37f463bf4616ecd445d4a1937da06e19 | Company Information.pdf.lnk | malicious | Unknown | 172.67.164.25
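Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe | setup.msi | malicious | Unknown |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe | Setup.msi | malicious | Unknown |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe | q9bzWO2X1r.msi | malicious | Unknown |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\BCUninstaller.exe | setup.msi | malicious | Unknown |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\BCUninstaller.exe | Setup.msi | malicious | Unknown |
C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\BCUninstaller.exe | q9bzWO2X1r.msi | malicious | Unknown |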
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:modified
                                                Size (bytes):20973
                                                Entropy (8bit):5.800175707701196
                                                Encrypted:false
                                                SSDEEP:384:3ZIbAPehiIYKmcvZdterGIAn6+42xuHHxpxN4Fl2fRz0IhJUgP4qzINP4nZuZVgn:3ZIbAPehiIYKmcvZdterGIAn6+42xuHl
                                                MD5:32EEAE1A1B9842FEFC269E099F34A5F4
                                                SHA1:7B7653BEFAFE3D72FF0288DA06BAB8B5A2934848
                                                SHA-256:672986A6230AE849A65BF4FFC8DBD1A595966BA04D0B5127862D0F607FD29AD2
                                                SHA-512:000EBE28F8A4C7C43A2B45B58B27B7273BB01AA93374658C3D1E7686504916FB1726457AABEF6E4D72AE7CE68E644DA8B49251B1770ECFA183501B89D1BC9D9E
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):1360
                                                Entropy (8bit):5.4135884505161025
                                                Encrypted:false
                                                SSDEEP:24:3qWSKco4KmBs4RPT6GjKbmFoUebIKo+mZ9t7J0gt/NK3R82r+SVbR:6WSU4y4RFymFoUeW+mZ9tK8NWR82jVbR
                                                MD5:039F16CF8D4E0654F2B34C73A1FFEF6A
                                                SHA1:F3FEFB68F78F4AE5B3DBBEAC6ADBACDB585DEDCD
                                                SHA-256:446C7FECBCE8636E32D6E15C5C2B1FB6148EBA00084277919158ECF6CA02983F
                                                SHA-512:5972E7F0CD8C8CCAEA33E41AFF52575E3453F5616D75AB4882CCA1B1872FB9F20058958D68F2E8893C9F0CBFF687F724488FF7F1E2C9E1606F4CF3493E11587D
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                Category:dropped
                                                Size (bytes):96
                                                Entropy (8bit):2.99798449505456
                                                Encrypted:false
                                                SSDEEP:3:QmalTuOIAlSRYplflbPRYplf955:Qmalt9lLZiLN
                                                MD5:F26BF481CA203C7D611850139ACBEF41
                                                SHA1:EA86C45B436D1B8F5F42F87AE5034332A5BCFEC4
                                                SHA-256:A6AE6BBFC3486BA26A9A3C67B127D6972D16B8B925BDE4AF20880EE1B1D997CB
                                                SHA-512:D1D2AE7C30A146AC1A85BDC133CE1F105AFC6F4EC8C5BD21A8EAACD0910929D3A9FCB540AB533A253C296C51DC71D1AE58749F7449DAB1C530E82D78D3544E4E
                                                Malicious:true
                                                Preview:CeveralSes :<->:  <<:>> TrialNow :<->: 0 <<:>> 
                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):6668
                                                Entropy (8bit):3.5127462716425657
                                                Encrypted:false
                                                SSDEEP:96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
                                                MD5:30C30EF2CB47E35101D13402B5661179
                                                SHA1:25696B2AAB86A9233F19017539E2DD83B2F75D4E
                                                SHA-256:53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
                                                SHA-512:882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
                                                Malicious:true
                                                Preview:
                                                param(
                                                  [alias("propFile")]      [Parameter(Mandatory=$true)] [string] $msiPropOutFilePath
                                                 ,[alias("propSep")]       [Parameter(Mandatory=$true)] [string] $msiPropKVSeparator
                                                 ,[alias("lineSep")]       [Parameter(Mandatory=$true)] [string] $msiPropLineSeparator
                                                 ,[alias("scriptFile")]    [Parameter(Mandatory=$true)] [string] $userScriptFilePath
                                                 ,[alias("scriptArgsFile")][Parameter(Mandatory=$false)][string] $userScriptArgsFilePath
                                                 ,[Parameter(Mandatory=$true)]
                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):250
                                                Entropy (8bit):3.576902729499699
                                                Encrypted:false
                                                SSDEEP:6:QfFok79idK3fclQ9zgltHN+KiVmMXFVrMTlp1LlG7JidK3fpdInO:QfF3IugM/XFVrMTWNvn
                                                MD5:479FAC6E0C05C5A57698619AFE51DEF2
                                                SHA1:1AF4A4DB75ACE8324ED7BFF59D711E80A7BDB821
                                                SHA-256:700080D274E5629A2BFA0D47B9BAF53AD69E67A64A2B04D84115D5851AB3DDBD
                                                SHA-512:B0B5065C216EBC1124B985F3FF86EE7C7E7E9B994190D1103C454EDD602E0242B7160BFFB202538470254675DFACAC6159F1A459B979DAD563BDED84FCED193E
                                                Malicious:true
                                                Preview:
                                                $oignqp = AI_GetMsiProperty "CeveralSes"
                                                $avoijg = [uint32]($oignqp -replace 'b', '')
                                                AI_SetMsiProperty "TrialNow" $avoijg
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):310928
                                                Entropy (8bit):6.001677789306043
                                                Encrypted:false
                                                SSDEEP:3072:Zczkitvo4BpYN/6mBPry8TXROLdW5m4mURs9OOGC0kvxVCd7wANmSrvlPSIB0P+4:ZA4NCmBPry/N24OOjVxM7RNrrvEc0a
                                                MD5:147B71C906F421AC77F534821F80A0C6
                                                SHA1:3381128CA482A62333E20D0293FDA50DC5893323
                                                SHA-256:7DCD48CEF4CC4C249F39A373A63BBA97C66F4D8AFDBE3BAB196FD452A58290B2
                                                SHA-512:2FCD2127D9005D66431DD8C9BD5BC60A148D6F3DFE4B80B82672AFD0D148F308377A0C38D55CA58002E5380D412CE18BD0061CB3B12F4DAA90E0174144EA20C8
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: setup.msi, Detection: malicious
                                                • Filename: Setup.msi, Detection: malicious
                                                • Filename: q9bzWO2X1r.msi, Detection: malicious
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):117496
                                                Entropy (8bit):6.136079902481222
                                                Encrypted:false
                                                SSDEEP:1536:P4ynPKh5ilvitpOeRZBMZTWTKnSU3hGe+K8b9Ate83CtyxZMPXR0qmOi4:PjoiaUDahe+B92e9tiMPXR0qmOX
                                                MD5:F67792E08586EA936EBCAE43AAB0388D
                                                SHA1:4A5B4009DE72DB003D57F8A4416D17F95B3539A8
                                                SHA-256:4D434BB99C771524C35222E5C65EBEE87FD2F16DDA05BF6191F9723EECE2434D
                                                SHA-512:F9E69377201E2DC577792F01B71ED3C9AF6C8AD52DD9E139C99EF1D9096F3EB7796F89642242BE8CEE4030EA9CF60EF1AA93D1B0890326A83CB9063E919F1E4A
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: setup.msi, Detection: malicious
                                                • Filename: Setup.msi, Detection: malicious
                                                • Filename: q9bzWO2X1r.msi, Detection: malicious
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):506008
                                                Entropy (8bit):6.4284173495366845
                                                Encrypted:false
                                                SSDEEP:6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
                                                MD5:98CCD44353F7BC5BAD1BC6BA9AE0CD68
                                                SHA1:76A4E5BF8D298800C886D29F85EE629E7726052D
                                                SHA-256:E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
                                                SHA-512:D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12224
                                                Entropy (8bit):6.596101286914553
                                                Encrypted:false
                                                SSDEEP:192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
                                                MD5:919E653868A3D9F0C9865941573025DF
                                                SHA1:EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
                                                SHA-256:2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
                                                SHA-512:6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12224
                                                Entropy (8bit):6.640081558424349
                                                Encrypted:false
                                                SSDEEP:192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
                                                MD5:7676560D0E9BC1EE9502D2F920D2892F
                                                SHA1:4A7A7A99900E41FF8A359CA85949ACD828DDB068
                                                SHA-256:00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
                                                SHA-512:F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11712
                                                Entropy (8bit):6.6023398138369505
                                                Encrypted:false
                                                SSDEEP:192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
                                                MD5:AC51E3459E8FCE2A646A6AD4A2E220B9
                                                SHA1:60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
                                                SHA-256:77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
                                                SHA-512:6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11720
                                                Entropy (8bit):6.614262942006268
                                                Encrypted:false
                                                SSDEEP:192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
                                                MD5:B0E0678DDC403EFFC7CDC69AE6D641FB
                                                SHA1:C1A4CE4DED47740D3518CD1FF9E9CE277D959335
                                                SHA-256:45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
                                                SHA-512:2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11720
                                                Entropy (8bit):6.654155040985372
                                                Encrypted:false
                                                SSDEEP:192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
                                                MD5:94788729C9E7B9C888F4E323A27AB548
                                                SHA1:B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
                                                SHA-256:ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
                                                SHA-512:AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):15304
                                                Entropy (8bit):6.548897063441128
                                                Encrypted:false
                                                SSDEEP:192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
                                                MD5:580D9EA2308FC2D2D2054A79EA63227C
                                                SHA1:04B3F21CBBA6D59A61CD839AE3192EA111856F65
                                                SHA-256:7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
                                                SHA-512:97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11712
                                                Entropy (8bit):6.622041192039296
                                                Encrypted:false
                                                SSDEEP:192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
                                                MD5:35BC1F1C6FBCCEC7EB8819178EF67664
                                                SHA1:BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
                                                SHA-256:7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
                                                SHA-512:9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11720
                                                Entropy (8bit):6.730719514840594
                                                Encrypted:false
                                                SSDEEP:192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
                                                MD5:3BF4406DE02AA148F460E5D709F4F67D
                                                SHA1:89B28107C39BB216DA00507FFD8ADB7838D883F6
                                                SHA-256:349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
                                                SHA-512:5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11720
                                                Entropy (8bit):6.626458901834476
                                                Encrypted:false
                                                SSDEEP:192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
                                                MD5:BBAFA10627AF6DFAE5ED6E4AEAE57B2A
                                                SHA1:3094832B393416F212DB9107ADD80A6E93A37947
                                                SHA-256:C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
                                                SHA-512:D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12232
                                                Entropy (8bit):6.577869728469469
                                                Encrypted:false
                                                SSDEEP:192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
                                                MD5:3A4B6B36470BAD66621542F6D0D153AB
                                                SHA1:5005454BA8E13BAC64189C7A8416ECC1E3834DC6
                                                SHA-256:2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
                                                SHA-512:84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11712
                                                Entropy (8bit):6.6496318655699795
                                                Encrypted:false
                                                SSDEEP:192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
                                                MD5:A038716D7BBD490378B26642C0C18E94
                                                SHA1:29CD67219B65339B637A1716A78221915CEB4370
                                                SHA-256:B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
                                                SHA-512:43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12736
                                                Entropy (8bit):6.587452239016064
                                                Encrypted:false
                                                SSDEEP:192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
                                                MD5:D75144FCB3897425A855A270331E38C9
                                                SHA1:132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
                                                SHA-256:08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
                                                SHA-512:295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):14280
                                                Entropy (8bit):6.658205945107734
                                                Encrypted:false
                                                SSDEEP:384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
                                                MD5:8ACB83D102DABD9A5017A94239A2B0C6
                                                SHA1:9B43A40A7B498E02F96107E1524FE2F4112D36AE
                                                SHA-256:059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
                                                SHA-512:B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12224
                                                Entropy (8bit):6.621310788423453
                                                Encrypted:false
                                                SSDEEP:96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
                                                MD5:808F1CB8F155E871A33D85510A360E9E
                                                SHA1:C6251ABFF887789F1F4FC6B9D85705788379D149
                                                SHA-256:DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
                                                SHA-512:441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11720
                                                Entropy (8bit):6.7263193693903345
                                                Encrypted:false
                                                SSDEEP:192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
                                                MD5:CFF476BB11CC50C41D8D3BF5183D07EC
                                                SHA1:71E0036364FD49E3E535093E665F15E05A3BDE8F
                                                SHA-256:B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
                                                SHA-512:7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12744
                                                Entropy (8bit):6.601327134572443
                                                Encrypted:false
                                                SSDEEP:192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
                                                MD5:F43286B695326FC0C20704F0EEBFDEA6
                                                SHA1:3E0189D2A1968D7F54E721B1C8949487EF11B871
                                                SHA-256:AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
                                                SHA-512:6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):14272
                                                Entropy (8bit):6.519411559704781
                                                Encrypted:false
                                                SSDEEP:192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
                                                MD5:E173F3AB46096482C4361378F6DCB261
                                                SHA1:7922932D87D3E32CE708F071C02FB86D33562530
                                                SHA-256:C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
                                                SHA-512:3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12232
                                                Entropy (8bit):6.659079053710614
                                                Encrypted:false
                                                SSDEEP:192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
                                                MD5:9C9B50B204FCB84265810EF1F3C5D70A
                                                SHA1:0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
                                                SHA-256:25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
                                                SHA-512:EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11200
                                                Entropy (8bit):6.7627840671368835
                                                Encrypted:false
                                                SSDEEP:192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
                                                MD5:0233F97324AAAA048F705D999244BC71
                                                SHA1:5427D57D0354A103D4BB8B655C31E3189192FC6A
                                                SHA-256:42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
                                                SHA-512:8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12224
                                                Entropy (8bit):6.590253878523919
                                                Encrypted:false
                                                SSDEEP:192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
                                                MD5:E1BA66696901CF9B456559861F92786E
                                                SHA1:D28266C7EDE971DC875360EB1F5EA8571693603E
                                                SHA-256:02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
                                                SHA-512:08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11720
                                                Entropy (8bit):6.672720452347989
                                                Encrypted:false
                                                SSDEEP:192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
                                                MD5:7A15B909B6B11A3BE6458604B2FF6F5E
                                                SHA1:0FEB824D22B6BEEB97BCE58225688CB84AC809C7
                                                SHA-256:9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
                                                SHA-512:D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):13760
                                                Entropy (8bit):6.575688560984027
                                                Encrypted:false
                                                SSDEEP:192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
                                                MD5:6C3FCD71A6A1A39EAB3E5C2FD72172CD
                                                SHA1:15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
                                                SHA-256:A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
                                                SHA-512:EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12232
                                                Entropy (8bit):6.70261983917014
                                                Encrypted:false
                                                SSDEEP:192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
                                                MD5:D175430EFF058838CEE2E334951F6C9C
                                                SHA1:7F17FBDCEF12042D215828C1D6675E483A4C62B1
                                                SHA-256:1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
                                                SHA-512:6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12744
                                                Entropy (8bit):6.599515320379107
                                                Encrypted:false
                                                SSDEEP:192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
                                                MD5:9D43B5E3C7C529425EDF1183511C29E4
                                                SHA1:07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
                                                SHA-256:19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
                                                SHA-512:C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12232
                                                Entropy (8bit):6.690164913578267
                                                Encrypted:false
                                                SSDEEP:192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
                                                MD5:43E1AE2E432EB99AA4427BB68F8826BB
                                                SHA1:EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
                                                SHA-256:3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
                                                SHA-512:40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):11720
                                                Entropy (8bit):6.615761482304143
                                                Encrypted:false
                                                SSDEEP:192:dZ89WYhWFWWFYg7VWQ4eW5QLyFqnajziMOci:dZ89WYhWDnolniMOP
                                                MD5:735636096B86B761DA49EF26A1C7F779
                                                SHA1:E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
                                                SHA-256:5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
                                                SHA-512:3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12744
                                                Entropy (8bit):6.627282858694643
                                                Encrypted:false
                                                SSDEEP:192:R0WYhWRWWFYg7VWQ4eWLeNxUUtpwBqnajrmaaG:R0WYhWPzjqlQG
                                                MD5:031DC390780AC08F498E82A5604EF1EB
                                                SHA1:CF23D59674286D3DC7A3B10CD8689490F583F15F
                                                SHA-256:B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
                                                SHA-512:1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):15816
                                                Entropy (8bit):6.435326465651674
                                                Encrypted:false
                                                SSDEEP:192:JM0wd8dc9cydWYhWyWWFYg7VWQ4eW9jTXfH098uXqnajH/VCf:G0wd8xydWYhWi2bXuXlTV2
                                                MD5:285DCD72D73559678CFD3ED39F81DDAD
                                                SHA1:DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
                                                SHA-256:6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
                                                SHA-512:84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):12232
                                                Entropy (8bit):6.5874576656353145
                                                Encrypted:false
                                                SSDEEP:192:6KNMWYhW6WWFYg7VWQ4eWSA5lJSdqnajeMh3:6KNMWYhWKiKdlaW
                                                MD5:5CCE7A5ED4C2EBAF9243B324F6618C0E
                                                SHA1:FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
                                                SHA-256:AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
                                                SHA-512:FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):13768
                                                Entropy (8bit):6.645869978118917
                                                Encrypted:false
                                                SSDEEP:192:CGnWlC0i5ClWYhWwWWFYg7VWQ4eWtOUtpwBqnajrmaaGN4P:9nWm5ClWYhWQ8qlQGN6
                                                MD5:41FBBB054AF69F0141E8FC7480D7F122
                                                SHA1:3613A572B462845D6478A92A94769885DA0843AF
                                                SHA-256:974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
                                                SHA-512:97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):61176
                                                Entropy (8bit):5.850944458899023
                                                Encrypted:false
                                                SSDEEP:1536:8dAqjxlblBAeX9cMPqnLQmnSPFCCBXuk9:8d1l59cJbSNZBXuO
                                                MD5:3B02A4FCAAC283D3C5E082B62F88BE25
                                                SHA1:C230237FA2BEF46A4C9649871EE46BBA89958C4E
                                                SHA-256:D02FB06775ED21CE1124C5A9BA42D7E00872C4CAF3933F0852FFD98591EE9790
                                                SHA-512:9FE3ACDC6CDC51F56AB205A669F3865FB18DA79750A62E896615AF98F4D37B4A5DADB898126B421133CBD86805A1A84D1C92A429F88AA2152D07939BEBEB93B0
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):127224
                                                Entropy (8bit):6.217127607919178
                                                Encrypted:false
                                                SSDEEP:1536:KOMFt1bvZ+4WYoIW9YAlqlEO/NiuE0PJmISN10ZpzdUAsSAl9/mEzuEVvHV7Gvru:fMFZ+4azlqlEO/0d0PkIxPYGX6
                                                MD5:ABDA3CF0D286D6CC5EC2CB1B49DBC180
                                                SHA1:85CA9C24AD7CF07830E86607723770645D724C28
                                                SHA-256:5549E8D3C90AFC8A90558529FE0127CE8A36805D853ED2BBD2A832E497D07405
                                                SHA-512:AF813D4529C7971C6427E84C21275F2D703495E8BCDE72112ED400FCF2BFD64D1E3754E7A8D95A4D1953472C3C9821EF0444CD844F02AE31FA2C5FA8D93E66CF
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):418040
                                                Entropy (8bit):6.1735291180760505
                                                Encrypted:false
                                                SSDEEP:6144:vJXvKtM+eZLmd2Mht6hBj2+1J3Hw2iojntPqbmdv0Pz:vJXvcMRZLmd2Mht6hBj3A2iW8WO
                                                MD5:1CC74B77B1A0B6F14B19F45412D62227
                                                SHA1:25C8D5B1DD13C826AC97995E2265E7960877A869
                                                SHA-256:1314E7F48DCFAA9ED62AD80C19D4EAD856C6D216D6F80B8EFA1A3803087C506A
                                                SHA-512:CA88D9DB167FEE11DCF88FD365DBAEF9E2704996E622F1523943C5AF54D6AE2546D860DB86B20757C89FA52E4140D474EB0EA4A69042AA4CAAF6125E0D5381D9
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):698104
                                                Entropy (8bit):6.463466021766765
                                                Encrypted:false
                                                SSDEEP:12288:rtCgw2rHcLfk4heNe39mSOWE64h/5+JLkxBdmmVaSV:JCglHsfb9vzE64h/CAxBdmmVaSV
                                                MD5:087DAF44CD13B79E4D59068B3A1C6250
                                                SHA1:653FB242A44C7742764C77D8249D00DDDC1C867E
                                                SHA-256:7AAFC98B0189C4DB66E03EC69B0DA58E59F5728FA9C37F7A61D1531E4D146FD6
                                                SHA-512:3BB7494191EDDA18416B425762EA35B1C614CA420E6D0A8BBA5B9749C453F2552435FC97CF4532E088BBEC2B57A7DC9F782F7C7CEC67F96A33511C367F6A5052
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):31480
                                                Entropy (8bit):5.969706735107452
                                                Encrypted:false
                                                SSDEEP:384:rTnmLAtoAmXkI4WW9jLU7gJX5ZGz/5UtxcNPMUyZJKSm/dAgZsHL4DhAm:noxXzI5Z05uqlyEiRUhR
                                                MD5:CC2C7E9435E8F818F3114AEFCC84E053
                                                SHA1:F106C5EEAA3545CB85BA1217F40E4AE8F047E69E
                                                SHA-256:59415F12FF688B58C9180A545F4836A4C2DDF472C232B3BE9FAB7965F9980924
                                                SHA-512:316D0F0374DA2818CC1A83A6F8BE8E70CCCC2D9F37DB54DF9322FF26FF436EB18532CEB549F286E569E1A6B82BA1345FFE4A7ADC678AE450FC5C3C637F24259D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):103672
                                                Entropy (8bit):5.851546804507911
                                                Encrypted:false
                                                SSDEEP:1536:DkEZwX0tTbIIJdLJABqKSimO9K64vaO4WpgXyhchiUKcvKXMnVOlVS:QErbXvAxO41yhcBvKXwaVS
                                                MD5:129051E3B7B8D3CC55559BEDBED09486
                                                SHA1:E257D69C91594C623A8649AC3F76DC4B0C4D8EDF
                                                SHA-256:73BFA0700A1C1631483D1ADC79A5225066A28A5CA94D70267DE6B0573BF11BDF
                                                SHA-512:6DCF486B58A0C8E16CB0A2A0B7C53812275DF7E55CEBE94B645517D2A061A67CA3B9CFDDA4F94E89BE57D3B629540C4A45DD153EF84DB90E46D06257A936831A
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):57488
                                                Entropy (8bit):6.382541157520703
                                                Encrypted:false
                                                SSDEEP:768:eQ6XULhGj8TzwsoeZwVAsuEIBh8v6H3eQdFyN+yghK3m5rR8vSoQuSd:ECVbTGkiE/c+XA3g2L7S
                                                MD5:71F796B486C7FAF25B9B16233A7CE0CD
                                                SHA1:21FFC41E62CD5F2EFCC94BAF71BD2659B76D28D3
                                                SHA-256:B2ACB555E6D5C6933A53E74581FD68D523A60BCD6BD53E4A12D9401579284FFD
                                                SHA-512:A82EA6FC7E7096C10763F2D821081F1B1AFFA391684B8B47B5071640C8A4772F555B953445664C89A7DFDB528C5D91A9ADDB5D73F4F5E7509C6D58697ED68432
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):4664568
                                                Entropy (8bit):6.259383987199329
                                                Encrypted:false
                                                SSDEEP:49152:AroFmAk9nrwChDI061WcO0ABWmIex2MvOGL//VCsHqwApmqamnBObTETCAtdB8n:0tI0OWiVmIek+QpmqtB+9
                                                MD5:A6A89F55416DB79D9E13B82685A04D60
                                                SHA1:EDE6DE1377BBE28E1F0D0DEF095367F1E788FE3B
                                                SHA-256:22D7C730C0092CDE5E339276F45882ACF4E172269153C6A328D83314DBACEF4B
                                                SHA-512:D2A734AE3ACC3033C050634839E32F90AE29862D77EC28B87945D62D44562ED56AC2A4266BC70F0F42CACCC0A7D93B07E2B42D7FFCEFE2F599A6A9DC2F26C583
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):215288
                                                Entropy (8bit):6.050529290720027
                                                Encrypted:false
                                                SSDEEP:3072:emvBIfdYtwUTAgsHW0Akz0dMtTWYUQ4TyjEXv8pQxI88hw:ekBIATA1z7tTzovXv8Kxzj
                                                MD5:BF5EE5008353BB5C52DCF8821082CE6B
                                                SHA1:F85B517F96FE87D953925D05238345A03594C8F8
                                                SHA-256:9273A49CAC32ACA5358A77D41DE00FEB589ED3285B2B2E07E9CE9CEBF80BAA31
                                                SHA-512:B5862D1679AB4F44B228C3E52F5CB98616BF089BAD5EC3BBB63ABDCABDDB55C71C36628E2945C7460AA33F836D85A1A320BF2C704072B307A3B719CD3C6A8549
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:RAR archive data, v5
                                                Category:dropped
                                                Size (bytes):357454
                                                Entropy (8bit):7.999445986049869
                                                Encrypted:true
                                                SSDEEP:6144:m9T3d1AeSCAPh9Ypq1lldsB4JqvnQ3IK/21zOMEpx72TVHwDEedfH6vYEYSbxqdw:Ord1AeZAPntds5vnQ2ZOTx7giDEWv6AY
                                                MD5:C4274FBBE1D2203E9CC4C0C3FF8EFE66
                                                SHA1:41A41DD9A081754FA2E11700011980030DBA54CA
                                                SHA-256:8653540C20A3DEFF828EEF23C31EE30723BFFB9E60025A8CBE587BD1EB960D06
                                                SHA-512:60FF4275B322E9451D5F9DADFF97A9DAA18707A145C4B6409DB912377D4F01CB885FEBB6A4F772F8B2816F14934011B112F61182BD771B555DA0270F0D9FB1D8
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):566704
                                                Entropy (8bit):6.494428734965787
                                                Encrypted:false
                                                SSDEEP:12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
                                                MD5:6DA7F4530EDB350CF9D967D969CCECF8
                                                SHA1:3E2681EA91F60A7A9EF2407399D13C1CA6AA71E9
                                                SHA-256:9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA
                                                SHA-512:1F77F900215A4966F7F4E5D23B4AAAD203136CB8561F4E36F03F13659FE1FF4B81CAA75FEF557C890E108F28F0484AD2BAA825559114C0DAA588CF1DE6C1AFAB
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):22
                                                Entropy (8bit):3.879664004902594
                                                Encrypted:false
                                                SSDEEP:3:mKDDlR+7H6U:hOD6U
                                                MD5:D9324699E54DC12B3B207C7433E1711C
                                                SHA1:864EB0A68C2979DCFF624118C9C0618FF76FA76C
                                                SHA-256:EDFACD2D5328E4FFF172E0C21A54CC90BAF97477931B47B0A528BFE363EF7C7E
                                                SHA-512:E8CC55B04A744A71157FCCA040B8365473C1165B3446E00C61AD697427221BE11271144F93F853F22906D0FEB61BC49ADFE9CBA0A1F3B3905E7AD6BD57655EB8
                                                Malicious:false
                                                Preview:@echo off..Start "" %1
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):12124160
                                                Entropy (8bit):4.1175508751036585
                                                Encrypted:false
                                                SSDEEP:49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
                                                MD5:8A13CBE402E0BBF3DA56315F0EBA7F8E
                                                SHA1:EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
                                                SHA-256:7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
                                                SHA-512:46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
                                                Malicious:false
                                                Preview:... Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925 ...
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):12124160
                                                Entropy (8bit):4.117842215789484
                                                Encrypted:false
                                                SSDEEP:49152:lIsY5NLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8v:lYNDUK7k59
                                                MD5:8DD2CDF8B1702DEE25F4BC2DCE10DA8F
                                                SHA1:7AE8D142C41159D65C7AB9598C90EC1DF33138D1
                                                SHA-256:B19E92D742D8989D275BB34FB7828211969997D38FF9250D9561F432D5C5F62C
                                                SHA-512:6CEBD788559543623A3F54154F6C84E31A9716CFFA19D199087F0704CC9016F54CF0B3CFF6D8DB65428138EEB12553B23EBA7EDAF5B64A050A077DD2951286B0
                                                Malicious:false
                                                Preview:....j..L.........*.\.....................................+..............................j..-.....................................!>.............................|<:.......................A.......@...... t...............................".....................................................................................................................................................................................................................................................................................................................................................................................................................................(#......(............... ................Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925....................................................................................................................................................
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Java jmod module version 1.0
                                                Category:dropped
                                                Size (bytes):51389
                                                Entropy (8bit):7.916683616123071
                                                Encrypted:false
                                                SSDEEP:768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
                                                MD5:8F4C0388762CD566EAE3261FF8E55D14
                                                SHA1:B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
                                                SHA-256:AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
                                                SHA-512:1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
                                                Malicious:false
                                                Preview:JM..PK.........n/Q................classes/module-info.classeP.N.0..../.$...pAM.D.p..!!..X...m.d'.....P7...biw..Y.?._...pM.m..X.q..2.D8o...o.0.J.s...,...".'..>..F..r..M..G.L......!.je.BG....:v.;..a@...Y...3..?.Y....\.m.).CBwn......'.N..+G+^*#.j...R.A..qV.1o...p.....|._.-N$.!.;X....|....G......qi.W{PK...^0.........PK.........n/Q............-...classes/java/awt/datatransfer/Clipboard.class.X.w.W....c...-.Ii...#.P..........@(`.......3.....R...........<....h..W.z......=.=~....l..DN..............;y.@7..#....2.P.._.WR.b.Km..f......9w1T...A.....d..b.r.Ie.Gq,..U+.kcC.be.*.eTe......K3.usU.2...Pe.4T.aYz....>!..q..3.dL.Q..fh/#..P.t.;.f,.."..7..v.(..K7}.2nZ;.Mg..OuzU..c.....!wR.xz....7...tG..d.ED..3...fs.{n\...x...r.!.#X.6.Ke.v........1n.P......#..P...J....)^.dt....k...k...F5...e$.d...=~Do.*t.2....KX....B.#Ha..U2n.j...+fh&....&.zk,.....>...aQ......kj...:.h.Q.uTv.B ......N....*..r'..x..D.4.`k 76fZ....fG..#.....7.4.:w..6....#...x..>lfh.B'.....'l..V.....5..H..
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Java jmod module version 1.0
                                                Category:dropped
                                                Size (bytes):12133334
                                                Entropy (8bit):7.944474086295981
                                                Encrypted:false
                                                SSDEEP:196608:h6fa1BzmQR9sZTGVq8B4ISiOCC0SabOyigGRA7OtuPZIWeXB:6a1gk+8B4IS8S2OyiJRA7OtYZaB
                                                MD5:E3705B15388EC3BDFE799AD5DB80B172
                                                SHA1:0B9B77F028727C73265393A68F37FC69C30205BD
                                                SHA-256:BE59AC0E673827B731CF5616B41DA11581A5863285FEA1A0696AA4F93796BCC3
                                                SHA-512:CA44B3E7658232FCC19C9AD223455F326D34B17384E566B8CAF0F7409D71B2B86F4089BF4A35128EC6CFFE080DF84C69C72C22B230FB0F2F8CB345442318F737
                                                Malicious:false
                                                Preview:JM..PK.........n/Q................classes/module-info.class.X...e../.l.!..!.#..M..."..g..#.B.........0;{.AAD.EE..QQQ.aG....{.]....7......~.{....k...{....<HD...4.......x%?G.4_St.Z...\..].+c..t.t........iC./...gZ..].8C..D'M...\3.+~5......z.<.f1..2.v./.As.Lv.....`2.M%...d.h..S`....YC.....D.u0-l.V#.5.,.e..)[..[.v..*............d.I...A........A+&."..8g.)"..E..1!.Z.]....Ak..5.......<'..L8bC..V4.U2.~$...i....)."I...O...d:......@..S...w0m...-....2..x....z.....O....k.8.}....P.....=..I/...<../.d..k....43VL.i...........C.S|`..!b.8....3.Ey..S..e..+.../T..j...g..B.@q9.."..>.LU..2-i....-.!....Z....g.BGl.j..R...Z.D.YJ.Kd...9 l.FN4.Rk.22..b..Rn...u..x.,...j.I.aZ.....X[{L.e..Z#..`.Z...*8..[.p..0.(...j..W..-M...V..H7.c.KN...5e.."...t[um..R...UF.c..1.....z|z.EeO..j..k.V..\x.8.....et;.9.^.Pa..+......U....Iu.q.t....HY.g...q.......omK...FKr1.F..F?.i.d../.]....68..L.........W..s.CU.|y.....zE..Q\...82..W.i[.#Q..xm......P..u.<.#...yC...,........~B..|sF.
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Java jmod module version 1.0
                                                Category:dropped
                                                Size (bytes):41127
                                                Entropy (8bit):7.961466748192397
                                                Encrypted:false
                                                SSDEEP:768:L0xH2Z5C7/c8GqFsHWShYYptTpmPSB4gTQSq4Yz1jHoAsbjX:wxH66/crqiH3tTVTsSVYz1jIAsfX
                                                MD5:D039093C051B1D555C8F9B245B3D7FA0
                                                SHA1:C81B0DAEDAB28354DEA0634B9AE9E10EE72C4313
                                                SHA-256:4A495FC5D119724F7D40699BB5D2B298B0B87199D09129AEC88BBBDBC279A68D
                                                SHA-512:334FD85ACE22C90F8D4F82886EEF1E6583184369A031DCEE6E0B6624291F231D406A2CEC86397C1B94D535B36A5CF7CB632BB9149B8518B794CBFA1D18A2478F
                                                Malicious:false
                                                Preview:JM..PK.........n/Q................classes/module-info.classU.M..0..../..........LL...*A.$.t.\x..e,U.N.N..7o.....=B+..,.@..:.`.....`....L.,.".B.M......:...._..uBGf.5.M..g..."..8K\..B.".z..|=6.=1.KB..v,.yJ0/......[.r..OU`....Q}...kP.94oh...b..K{...].'PK........#...PK.........n/Q............2...classes/java/lang/instrument/ClassDefinition.class.SMo.@.}.8q.4M.@.h..b;... ..d.RP$.c...#g...#@.....@.G..........7o.......@.-..J.T.eT..'.......tt.=.P9.C_t.J.5... ...Y...z|*.(..TE...e.....(.......v?pg....<...I.1.:....H.U...1.)..p...P.......|...04..Q..2...%..8~.......#..p"...n..<.Uq..=..:.c..1.2...x.o.w..#....^?q.I..:..Y...6...N..c..>2.k.U...L..&V.H...%....y...[.~GJ...B/M......%...t....+.I.E....H..}....m..j_..8C...:.n...(*..z..Z.Q...$....a.}..T.xW.$....52...T.o..mSL_~.L.FM....W.z.I.]....)..e.....A..$..xH...Td...0i..."...0X....PK..X..~........PK.........n/Q............7...classes/java/lang/instrument/ClassFileTransformer.class.S.n.@.=.8.M.n..b^-/..G..
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Java jmod module version 1.0
                                                Category:dropped
                                                Size (bytes):113725
                                                Entropy (8bit):7.928841651831531
                                                Encrypted:false
                                                SSDEEP:3072:6jB5A+VPT8IdtpHAUfEzhLpIrxbt2rlnH6:6ZRTPHgU2pItshH6
                                                MD5:3A03EF8F05A2D0472AE865D9457DAB32
                                                SHA1:7204170A08115A16A50D5A06C3DE7B0ADB6113B1
                                                SHA-256:584D15427F5B0AC0CE4BE4CAA2B3FC25030A0CF292F890C6D3F35836BC97FA6D
                                                SHA-512:1702C6231DAAB27700160B271C3D6171387F89DA0A97A3725B4B9D404C94713CB09BA175DE8E78A8F0CBD8DD0DD73836A38C59CE8D1BD38B4F57771CF9536E77
                                                Malicious:false
                                                Preview:JM..PK.........n/Q................classes/module-info.classuQ.N.1.=W......n\1.D.5$&....T...2%....\..~..3(......9.6...o....%..:L...x.=..p..L.......".Gm......*..Z9.R+...}x..$.Y,,..-..z..{.v.K..:9m[.dl....Q#t..F$:5c..h.*.^x".8 \N..A!....O....@.0.Z....p]......0_(.mB...=.J..<.k"4....g<......M$,....:Kz|..^.........8q..{...}.*G....p.S.W...l.M.....PK..R...).......PK.........n/Q................classes/java/util/logging/ConsoleHandler.class}S[o.A...KW..jk.....jy...K.b.R.mH|.......2.K....h...G..,..K...s..r......7....d.u....C...y3..j*..2...1..!wx..2T:.T...b.^..`.D[...0....n.cXy#C..e...=.E.....]..%L..<x.....W........z..u.s..a.e..Zq..-.E@n.!..)....F...\.E...<...[.;W..t.i%.mT".w.x..(.m,...r.....tZ..vPepFI_...D..b..0.U...S;....XP.@..C.#Cq..}aNy_..ZG...q#m<;..g2b.]"..Y.....[7."+..#"wOtb..-..."..@..(.>Y0......C.h...?.~..8A.Mp.....N....Z$ .E...."o.E.uz3;..m.P.z.....7...?.'.q>...2mN.gLv...q1..[}..@~..M.....K..sS.....PK....0w........PK.........n/Q............,...classes/ja
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Java jmod module version 1.0
                                                Category:dropped
                                                Size (bytes):896846
                                                Entropy (8bit):7.923431656723031
                                                Encrypted:false
                                                SSDEEP:12288:3xz+ej0yUGnip25kAyyrAm0G4hcpbLIWFWb4YNlgWUz4u5cnLXlAVz/Q+9Ec8zCU:3cZpcryy8mp4hpSxWUQuV//yDXX
                                                MD5:C6FBB7D49CAA027010C2A817D80CA77C
                                                SHA1:4191E275E1154271ABF1E54E85A4FF94F59E7223
                                                SHA-256:1C8D9EFAEB087AA474AD8416C3C2E0E415B311D43BCCA3B67CBF729065065F09
                                                SHA-512:FDDC31FA97AF16470EA2F93E3EF206FFB217E4ED8A5C379D69C512652987E345CB977DB84EDA233B190181C6E6E65C173062A93DB3E6BB9EE7E71472C9BBFE34
                                                Malicious:false
                                                Preview:JM..PK.........n/Q................classes/module-info.class.S.N.A.=-.............^PQP4F..|..]{.........S|...(cu/..i.d.z...[....'.M|`.M.GrI.).1.4...8...V.b.EE.Rg...zV.K......Os.W.S?.e.GY.Q`.od..d..Zf....2>.B.29.D.3L7...M&....8.;..2...}..n..n.g...S. ?..._V..Q..9mBo0L..~dD.t.c.ric..2r5qLvr..V....Sm..I}.}.a..Od$2e..M.v.m..w....L..s.C.;...#.f..Ln.......5..9.2....5......P......M.$V.|;...'mw.Vl.2....D..1%.l.a..o...O....!.......h...9V.L.x..?..n]/.6......iVe..{.4.K..s.[....y..|2....3,`.a.....H69.a.;09.5K.C....a_.G.`Jm...ER......9I.D.n...Wp........%..WI...tf..pg5..SN.8y..Y'.:9....U.pq.....}.]X..aE....^t..x.l...^....m.#.......a."r.l.2..Lf).y.^.h..u....PK....N.i.......PK.........n/Q............0...classes/com/sun/jmx/defaults/JmxProperties.class.UMS#U.=.aH.4.4.....J2...h..6v.L2q.......tS.)F........\.....Y..h2...*...{.......w..8Ha.....p.C.c..C;..^+S...F.0..xNt....J5.$.b.og..9l.g....Q..k......"..I....b....-..^.n..<x..4.$pY.(..,\~.F..0...Z<`X[...(p...u^.
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):639224
                                                Entropy (8bit):6.219852228773659
                                                Encrypted:false
                                                SSDEEP:12288:FgLcjQQPKZZK8aF4yBj3Fnx4DMDO8jalo:FggjQKuyDnxvOYaC
                                                MD5:01DACEA3CBE5F2557D0816FC64FAE363
                                                SHA1:566064A9CB1E33DB10681189A45B105CDD504FD4
                                                SHA-256:B4C96B1E5EEE34871D9AB43BCEE8096089742032C0669DF3C9234941AAC3D502
                                                SHA-512:C22BFE54894C26C0BD8A99848B33E1B9A9859B3C0C893CB6039F9486562C98AA4CEAB0D28C98C1038BD62160E03961A255B6F8627A7B2BB51B86CC7D6CBA9151
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*...D..D..D.....D.1J...D...@..D...G..D...A..D...E..D..E..D...E..D..E.O.D...A..D...D..D......D.....D...F..D.Rich..D.........PE..d.....-a.........." ...............................................................E..... .....................................................,.......@....p..xK..................`...T.......................(.......................(............................text............................... ..`.rdata..H=.......>..................@..@.data....H... ...@..................@....pdata..xK...p...L...J..............@..@.rsrc...@...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):98224
                                                Entropy (8bit):6.452201564717313
                                                Encrypted:false
                                                SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
                                                MD5:F34EB034AA4A9735218686590CBA2E8B
                                                SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
                                                SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
                                                SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d...%|.a.........." .........`......p................................................{....`A.........................................B..4....J...............p..X....X...'..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):37256
                                                Entropy (8bit):6.297533243519742
                                                Encrypted:false
                                                SSDEEP:384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
                                                MD5:135359D350F72AD4BF716B764D39E749
                                                SHA1:2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
                                                SHA-256:34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
                                                SHA-512:CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D_.O.>...>...>...N...>..RK...>...F^..>...>..1>..RK...>..RK...>..RK...>..RK...>..RK2..>..RK...>..Rich.>..........................PE..d...)|.a.........." .....:...6......`A....................................................`A.........................................l.......m..x....................n...#......<...(b..T............................b..8............P..X............................text...e9.......:.................. ..`.rdata.. "...P...$...>..............@..@.data... ............b..............@....pdata...............d..............@..@.rsrc................h..............@..@.reloc..<............l..............@..B................................................................................................................................................................................................................................................
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:MS Windows icon resource - 7 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                Category:dropped
                                                Size (bytes):372526
                                                Entropy (8bit):4.467275942115759
                                                Encrypted:false
                                                SSDEEP:3072:aAVWno2eoqXRy8QGSi6H0NOJe6ay1lrnyoeFM8UuPLZoELS/8taek6KYrOzzCIhZ:LCANx6xPZX9mBW
                                                MD5:B52B2D1D4C9E56CA24AB0CD0730CC5AD
                                                SHA1:C70A3683DF57DE3096CA58F314C0B649035392CC
                                                SHA-256:73CDA59B9158F5DCA967A6EC24A3608C672DCA63F714BFD7B7B5F81C1303F457
                                                SHA-512:CDCAB1C415B87948AD45C967D6C50EA24935D7E58CFC30717E2943D9CE9F5DDEFCB5E60BCE58F9F387635EA30E1A0399DBA644316CC53F1802BAE73B76CB1BFA
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {6083B90A-A6F9-44DA-B4F6-CF6DFF95061A}, Number of Words: 10, Subject: App x installer, Author: Coors Q Corporation, Name of Creating Application: App x installer, Template: x64;2057, Comments: This installer database contains the logic and data required to install App x installer., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Dec 22 12:56:56 2024, Last Saved Time/Date: Sun Dec 22 12:56:56 2024, Last Printed: Sun Dec 22 12:56:56 2024, Number of Pages: 450
                                                Category:dropped
                                                Size (bytes):60281856
                                                Entropy (8bit):7.201474320549786
                                                Encrypted:false
                                                SSDEEP:786432:dWZojVmrjV7eIAtehOTZ5oZ4sdUuzt/NCaY2ksC:dW8VmrjV7eIvhOTZ6RjVCa1t
                                                MD5:3522CFAF23EE87120655653C063AC7C5
                                                SHA1:D16F1D044440492F04ACA577D1ABF2B8432DA203
                                                SHA-256:09FDA391EC787161EC5E93DD62356DB4FA6AF2024EB7B7A8DB2CA14CACE15339
                                                SHA-512:5038F06200783C864FBA5CDA7778B992B65C5D661E67A0879342E50ADAF396D15D3FEE34F3A714312AF9F26E208BB478C27E7C1AF11327550A42FC90B59C04F9
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):393113
                                                Entropy (8bit):4.736450089718107
                                                Encrypted:false
                                                SSDEEP:3072:ie9YAVWno2eoqXRy8QGSi6H0NOJe6ay1lrnyoeFM8UuPLZoELS/8taek6KYrOzzZ:ie95CANx6xPZX9mB0
                                                MD5:24A6F2F2E2B24BFAFD2053124E673077
                                                SHA1:95DFB528633FB9DFCF87DD6515D75BC7F801BBC1
                                                SHA-256:04CB11603AE64003A114FDA05E9E3F13FD0742395D989FA3F75A36341550D51F
                                                SHA-512:B792A1F363B64F1A84B44504947558D02760E19E558BB5D9ADC2029BAF2DE31D7AC0959F9D50333E9CD165F550C7F74285615A2DA5E743221FE00C573FE6BEB1
                                                Malicious:false
                                                Preview:...@IXOS.@.....@..Y.@.....@.....@.....@.....@.....@......&.{6E757B23-2B94-40A2-8917-C3140ED7AA7F}..App x installer..installer.msi.@.....@.....@.....@......icon_22.exe..&.{6083B90A-A6F9-44DA-B4F6-CF6DFF95061A}.....@.....@.....@.....@.......@.....@.....@.......@......App x installer......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@4....@.....@.]....&.{F39C344E-A83E-4760-8DA8-F27602095B4F}C.C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\.@.......@.....@.....@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}8.21:\Software\Coors Q Corporation\App x installer\Version.@.......@.....@.....@......&.{D582EE7E-FCB6-40BB-88DF-D87561F6DACA}N.C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\dvacore.dll.@.......@.....@.....@......&.{44552115-2BAF-4203-B6FB-1E9405F63E37}U.C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\dvaunittesting.dl
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):787808
                                                Entropy (8bit):6.693392695195763
                                                Encrypted:false
                                                SSDEEP:24576:aE33f8zyjmfyY43pNRmkL7mh0lhSMXlEeGXDMGz+:L3fSyjmfyY43pNRp7T0eGwGz+
                                                MD5:8CF47242B5DF6A7F6D2D7AF9CC3A7921
                                                SHA1:B51595A8A113CF889B0D1DD4B04DF16B3E18F318
                                                SHA-256:CCB57BDBB19E1AEB2C8DD3845CDC53880C1979284E7B26A1D8AE73BBEAF25474
                                                SHA-512:748C4767D258BFA6AD2664AA05EF7DC16F2D204FAE40530430EF5D1F38C8F61F074C6EC6501489053195B6B6F6E02D29FDE970D74C6AE97649D8FE1FD342A288
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............m..m..m.'n..m.'h.q.m.'i..m.."i..m.."n..m.."h..m.'l..m..l..m.#d..m.#m..m.#...m.....m.#o..m.Rich.m.........PE..L.....$g.........."!...).....4............................................... ............@A........................@J.......J..........................`=......4`...~..p........................... ~..@............................................text............................... ..`.rdata..Z...........................@..@.data...D-...`.......B..............@....fptable.............^..............@....rsrc................`..............@..@.reloc..4`.......b...f..............@..B........................................................................................................................................................................................................................................................
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):380520
                                                Entropy (8bit):6.512348002260683
                                                Encrypted:false
                                                SSDEEP:6144:ZSXJmYiFGLzkhEFeCPGi5B8dZ6t+6bUSfcqKgAST:ZSXJ9khElPGvcttbxpAST
                                                MD5:FFDAACB43C074A8CB9A608C612D7540B
                                                SHA1:8F054A7F77853DE365A7763D93933660E6E1A890
                                                SHA-256:7484797EA4480BC71509FA28B16E607F82323E05C44F59FFA65DB3826ED1B388
                                                SHA-512:A9BD31377F7A6ECF75B1D90648847CB83D8BD65AD0B408C4F8DE6EB50764EEF1402E7ACDFF375B7C3B07AC9F94184BD399A10A22418DB474908B5E7A1ADFE263
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):1021792
                                                Entropy (8bit):6.608727172078022
                                                Encrypted:false
                                                SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):1201504
                                                Entropy (8bit):6.4557937684843365
                                                Encrypted:false
                                                SSDEEP:24576:W4FsQxRqkY1ngOktwC2Tec+4VGWSlnH/YrjPWeTIUGVUrHtAkJMsFUh29BKjxw:D2QxNwCsec+4VGWSlnfYvO3UGVUrHtAg
                                                MD5:E83D774F643972B8ECCDB3A34DA135C5
                                                SHA1:A58ECCFB12D723C3460563C5191D604DEF235D15
                                                SHA-256:D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
                                                SHA-512:CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):20480
                                                Entropy (8bit):1.163209426274809
                                                Encrypted:false
                                                SSDEEP:12:JSbX72FjaISAGiLIlHVRpiBh/7777777777777777777777777vDHFEcPMgXgXnF:J4ISQI5ACc0ZsF
                                                MD5:2105A052A452CD1590674AFC646AA94E
                                                SHA1:146B975322AF8DFD5CC6F87B95F9A9A6F3ADD289
                                                SHA-256:A1DDD02C731498F27E13BA3DC30FC6F5A124F25488A3C23F0ECB74CD381A6D32
                                                SHA-512:E3F4558BA996744C86D2E91FEC9CA294004B8F4BA8458BFD8CD30B3BDCD96C953883D0AF7232486C8D3FAC6A0CFCBFC755ECF2C8AF7C078D56AB09645F542FA5
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):20480
                                                Entropy (8bit):1.5853403780402298
                                                Encrypted:false
                                                SSDEEP:48:B8PhXuRc06WXJanT5VMXKMnmMoAECiCyVSCvoGX2ySCOTkcV0l:chX1RnTYXpVECerXj40
                                                MD5:25D496D91320EBAFB4AC5C509796A8D6
                                                SHA1:6162138648E41FD8D2624457B239FF7D4BA82656
                                                SHA-256:96CFE41B5E8DDD8BAE89CBF127A7377F7691414125237262F2A5341ACFE7805D
                                                SHA-512:B9B46AA153CBE57A8B181B5F08BB25A3F9227A3741F75BEB64C48127A4DC7A4BB14E388D466933F63E5855F282CE328A82342807067DE93471BAA55364878B77
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):432221
                                                Entropy (8bit):5.375172915673626
                                                Encrypted:false
                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaun:zTtbmkExhMJCIpErG
                                                MD5:52AC46CFDAA1DB746AB1DE7B5F2E3E1D
                                                SHA1:13B4456B9193B43C3AAE86B402DA5B3C91F28F48
                                                SHA-256:5750637DF2971BB30C5C391D680F89BA769F7AEFD2945809B5136600BAD31D4B
                                                SHA-512:78D14101706CBDEBCDA292F95A50CF2913EE1F49D45D061BCDEC277431F716FE561CD2FC4BA9C4FB3D4BFEC632AA431B4F983B604076542268443A1FC7943049
                                                Malicious:false
                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):73728
                                                Entropy (8bit):0.1454585532943224
                                                Encrypted:false
                                                SSDEEP:48:KcV0l4TeySCTmMoAECiCyVSCvoGXqXKMt:10IRECerXqXp
                                                MD5:3166907071617DC950EBF28DB27ED347
                                                SHA1:E02407B4966C26B6A7CF3767DFE05A00035B9258
                                                SHA-256:F01D1369C630F09061627B26C4030360DBE2A812BAEE310949A9B47EA3ACEB0D
                                                SHA-512:702A170388BF7744C09C1D20AD2E5B9595B2F9D21AA4DC21934784E1855BDFE8E91D8F599EB809BC0C78775FFF3BCA659982B61EB8F02A34AD8968FB123F5304
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):32768
                                                Entropy (8bit):1.269228915633943
                                                Encrypted:false
                                                SSDEEP:48:M0PupM+CFXJpT5EVzMXKMnmMoAECiCyVSCvoGX2ySCOTkcV0l:BPHRTuVAXpVECerXj40
                                                MD5:9BF599B5FD6E9C39B06099C6165CC62E
                                                SHA1:CF12F0AB436B011E7CE7C9EBEF1454EE504BAFEE
                                                SHA-256:6E0E12DE3C397C3024B43C81829F6480CD4578BB2D2A8800DA7829245FD2B341
                                                SHA-512:3C126ACDFF2CE8C9838EAED304F1308245F2A087EAEE31AC19B74EDE7C70B180F56868A365831C220E761F0517640553C1EBFDB06A350B9F5D561B9497D6E73C
                                                Malicious:false
                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):20480
                                                Entropy (8bit):1.5853403780402298
                                                Encrypted:false
                                                SSDEEP:48:B8PhXuRc06WXJanT5VMXKMnmMoAECiCyVSCvoGX2ySCOTkcV0l:chX1RnTYXpVECerXj40
                                                MD5:25D496D91320EBAFB4AC5C509796A8D6
                                                SHA1:6162138648E41FD8D2624457B239FF7D4BA82656
                                                SHA-256:96CFE41B5E8DDD8BAE89CBF127A7377F7691414125237262F2A5341ACFE7805D
                                                SHA-512:B9B46AA153CBE57A8B181B5F08BB25A3F9227A3741F75BEB64C48127A4DC7A4BB14E388D466933F63E5855F282CE328A82342807067DE93471BAA55364878B77
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                Category:dropped
                                                Size (bytes):32768
                                                Entropy (8bit):1.269228915633943
                                                Encrypted:false
                                                SSDEEP:48:M0PupM+CFXJpT5EVzMXKMnmMoAECiCyVSCvoGX2ySCOTkcV0l:BPHRTuVAXpVECerXj40
                                                MD5:9BF599B5FD6E9C39B06099C6165CC62E
                                                SHA1:CF12F0AB436B011E7CE7C9EBEF1454EE504BAFEE
                                                SHA-256:6E0E12DE3C397C3024B43C81829F6480CD4578BB2D2A8800DA7829245FD2B341
                                                SHA-512:3C126ACDFF2CE8C9838EAED304F1308245F2A087EAEE31AC19B74EDE7C70B180F56868A365831C220E761F0517640553C1EBFDB06A350B9F5D561B9497D6E73C
                                                Malicious:false
                                                Process:C:\Windows\System32\msiexec.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):32768
                                                Entropy (8bit):0.07078902429937126
                                                Encrypted:false
                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOud3sI0OPgXgXLIiVky6l7:2F0i8n0itFzDHFEcPMgXgX27
                                                MD5:B194C4D75BCE7CBEA65036A4B24C00E1
                                                SHA1:57E16F6679BA91AE4CFCC794E9769B8AD5C77589
                                                SHA-256:F35D0154831D891C23F6D790278263C1BA6E7CE89A16F5078423ADB007364589
                                                SHA-512:9A1FA91F8CDAA0162696BE30A07E92A1DAC80511F05379A61DF19F610C0516331C4A5FBC7EC083FC90CC536D8CFA400D58B92F3D9339A40CDF721A20A06C16C2
                                                Malicious:false
                                                Process:C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):638
                                                Entropy (8bit):4.751962275036146
                                                Encrypted:false
                                                SSDEEP:12:ku/L92WF4gx9l+jsPczo/CdaD0gwiSrlEX6OPkRVdoaQLeU4wv:ku/h5F4Bs0oCdalwisCkRVKVeU4wv
                                                MD5:15CA959638E74EEC47E0830B90D0696E
                                                SHA1:E836936738DCB6C551B6B76054F834CFB8CC53E5
                                                SHA-256:57F2C730C98D62D6C84B693294F6191FD2BEC7D7563AD9963A96AE87ABEBF9EE
                                                SHA-512:101390C5D2FA93162804B589376CF1E4A1A3DD4BDF4B6FE26D807AFC3FF80DA26EE3BAEB731D297A482165DE7CA48508D6EAA69A5509168E9CEF20B4A88A49FD
                                                Malicious:false
                                                Preview:[createdump] createdump [options] pid..-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values:.. %p PID of dumped process... %e The process executable filename... %h Hostname return by gethostname()... %t Time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)...-n, --normal - create minidump...-h, --withheap - create minidump with heap (default)...-t, --triage - create triage minidump...-u, --full - create full core dump...-d, --diag - enable diagnostic messages...-v, --verbose - enable verbose diagnostic messages...
                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {6083B90A-A6F9-44DA-B4F6-CF6DFF95061A}, Number of Words: 10, Subject: App x installer, Author: Coors Q Corporation, Name of Creating Application: App x installer, Template: x64;2057, Comments: This installer database contains the logic and data required to install App x installer., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Dec 22 12:56:56 2024, Last Saved Time/Date: Sun Dec 22 12:56:56 2024, Last Printed: Sun Dec 22 12:56:56 2024, Number of Pages: 450
                                                Entropy (8bit):7.201474320549786
                                                TrID:
                                                • Windows SDK Setup Transform Script (63028/2) 88.73%
                                                • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                                                File name:installer.msi
                                                File size:60'281'856 bytes
                                                MD5:3522cfaf23ee87120655653c063ac7c5
                                                SHA1:d16f1d044440492f04aca577d1abf2b8432da203
                                                SHA256:09fda391ec787161ec5e93dd62356db4fa6af2024eb7b7a8db2ca14cace15339
                                                SHA512:5038f06200783c864fba5cda7778b992b65c5d661e67a0879342e50adaf396d15d3fee34f3a714312af9f26e208bb478c27e7c1af11327550a42fc90b59c04f9
                                                SSDEEP:786432:dWZojVmrjV7eIAtehOTZ5oZ4sdUuzt/NCaY2ksC:dW8VmrjV7eIvhOTZ6RjVCa1t
                                                TLSH:7FD76C01B3FA4148F2F75EB17EBA45A594BABD521B30C0EF1204A60E1B71BC25BB5763
                                                Icon Hash:2d2e3797b32b2b99
                                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                2024-12-23T00:30:23.022874+0100 | 2829202 | ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA | 1 | 192.168.2.4 | 49730 | 172.67.164.25 | 443 | TCP
                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Dec 23, 2024 00:30:21.452151060 CET | 57154 | 53 | 192.168.2.4 | 1.1.1.1
                                                Dec 23, 2024 00:30:21.682307959 CET | 53 | 57154 | 1.1.1.1 | 192.168.2.4
                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                Dec 23, 2024 00:30:21.452151060 CET | 192.168.2.4 | 1.1.1.1 | 0x15ae | Standard query (0) | cubermo.com | A (IP address) | IN (0x0001) | false
                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                Dec 23, 2024 00:30:21.682307959 CET | 1.1.1.1 | 192.168.2.4 | 0x15ae | No error (0) | cubermo.com |  | 172.67.164.25 | A (IP address) | IN (0x0001) | false
                                                Dec 23, 2024 00:30:21.682307959 CET | 1.1.1.1 | 192.168.2.4 | 0x15ae | No error (0) | cubermo.com |  | 104.21.65.145 | A (IP address) | IN (0x0001) | false
                                                • cubermo.com
                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.4 | 49730 | 172.67.164.25 | 443 | 7660 | C:\Windows\SysWOW64\msiexec.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-22 23:30:23 UTC | 189 | OUT | POST /updater.php HTTP/1.1
                                                Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                                User-Agent: AdvancedInstaller
                                                Host: cubermo.com
                                                Content-Length: 71
                                                Cache-Control: no-cache
                                                2024-12-22 23:30:23 UTC | 71 | OUT | Data Raw: 44 61 74 65 3d 32 32 25 32 46 31 32 25 32 46 32 30 32 34 26 54 69 6d 65 3d 31 38 25 33 41 33 30 25 33 41 32 30 26 42 75 69 6c 64 56 65 72 73 69 6f 6e 3d 38 2e 39 2e 39 26 53 6f 72 6f 71 56 69 6e 73 3d 54 72 75 65
                                                Data Ascii: Date=22%2F12%2F2024&Time=18%3A30%3A20&BuildVersion=8.9.9&SoroqVins=True
                                                2024-12-22 23:30:23 UTC | 825 | IN | HTTP/1.1 500 Internal Server Error
                                                Date: Sun, 22 Dec 2024 23:30:23 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Cache-Control: no-store
                                                cf-cache-status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6xWTecb%2BpDfT2PRK8nWd1F5SLTv8aH1SdmBNYll56P1Jnu2IUcyMoUftU527p31jVlrepGPiqL1HT1pubbGRmIrrcUUgGR1oX8g0RYEDLVluKUYYbNFPFgsGGe9pAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8f63e63f1ca64251-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1565&rtt_var=603&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=920&delivery_rate=1789215&cwnd=248&unsent_bytes=0&cid=e42cdfc08dc74fb4&ts=806&x=0"
                                                2024-12-22 23:30:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Target ID:0
                                                Start time:18:30:09
                                                Start date:22/12/2024
                                                Path:C:\Windows\System32\msiexec.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\installer.msi"
                                                Imagebase:0x7ff796c80000
                                                File size:69'632 bytes
                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:1
                                                Start time:18:30:09
                                                Start date:22/12/2024
                                                Path:C:\Windows\System32\msiexec.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                Imagebase:0x7ff796c80000
                                                File size:69'632 bytes
                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Target ID:2
                                                Start time:18:30:12
                                                Start date:22/12/2024
                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 2FCF318A48C04D173E905E14D419EF7A
                                                Imagebase:0xb00000
                                                File size:59'904 bytes
                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:4
                                                Start time:18:30:24
                                                Start date:22/12/2024
                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):true
                                                Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss18AE.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi189B.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr189C.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr189D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                                                Imagebase:0x3d0000
                                                File size:433'152 bytes
                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:5
                                                Start time:18:30:24
                                                Start date:22/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:8
                                                Start time:18:30:31
                                                Start date:22/12/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\suriqk.bat" "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe""
                                                Imagebase:0x7ff6be540000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:9
                                                Start time:18:30:31
                                                Start date:22/12/2024
                                                Path:C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe"
                                                Imagebase:0x7ff63d9a0000
                                                File size:57'488 bytes
                                                MD5 hash:71F796B486C7FAF25B9B16233A7CE0CD
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 0%, ReversingLabs
                                                Reputation:low
                                                Has exited:true

                                                Target ID:10
                                                Start time:18:30:31
                                                Start date:22/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:11
                                                Start time:18:30:32
                                                Start date:22/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:12
                                                Start time:18:30:32
                                                Start date:22/12/2024
                                                Path:C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe"
                                                Imagebase:0x140000000
                                                File size:117'496 bytes
                                                MD5 hash:F67792E08586EA936EBCAE43AAB0388D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 0%, ReversingLabs
                                                Reputation:low
                                                Has exited:true

                                                Target ID:13
                                                Start time:18:30:32
                                                Start date:22/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true


                                                  Execution Graph

                                                  Execution Coverage:3.4%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:1.7%
                                                  Total number of Nodes:701
                                                  Total number of Limit Nodes:1
3011->3013 2675 7ff63d9a756f 2676 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2675->2676 2677 7ff63d9a757d 2676->2677 2678 7ff63d9a7588 2677->2678 2679 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2677->2679 2679->2678 2687 7ff63d9a2970 2690 7ff63d9a2da0 2687->2690 2691 7ff63d9a2dc3 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 2690->2691 2692 7ff63d9a2979 2690->2692 2691->2692 3014 7ff63d9a7130 3015 7ff63d9a7168 __GSHandlerCheckCommon 3014->3015 3016 7ff63d9a7194 3015->3016 3018 7ff63d9a3c00 3015->3018 3019 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3018->3019 3020 7ff63d9a3c42 3019->3020 3021 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3020->3021 3022 7ff63d9a3c4f 3021->3022 3023 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3022->3023 3024 7ff63d9a3c58 __GSHandlerCheck_EH 3023->3024 3025 7ff63d9a5414 __GSHandlerCheck_EH 31 API calls 3024->3025 3026 7ff63d9a3ca9 3025->3026 3026->3016 3030 7ff63d9a43b0 3031 7ff63d9a43b9 3030->3031 3032 7ff63d9a43ca 3030->3032 3031->3032 3033 7ff63d9a43c5 free 3031->3033 3033->3032 2693 7ff63d9a7372 2694 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2693->2694 2695 7ff63d9a7389 2694->2695 2696 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2695->2696 2697 7ff63d9a73a4 2696->2697 2698 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2697->2698 2699 7ff63d9a73ad 2698->2699 2704 7ff63d9a5414 2699->2704 2702 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2703 7ff63d9a73f8 2702->2703 2705 7ff63d9a5443 __except_validate_context_record 2704->2705 2706 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2705->2706 2709 7ff63d9a5448 2706->2709 2707 7ff63d9a5498 2708 7ff63d9a5551 2707->2708 2710 7ff63d9a559f 2707->2710 2718 7ff63d9a54f3 __GSHandlerCheck_EH 2707->2718 2708->2702 2709->2707 2709->2708 2714 7ff63d9a55b2 __GSHandlerCheck_EH 2709->2714 2744 7ff63d9a3678 2710->2744 2711 7ff63d9a55f7 2711->2708 2751 7ff63d9a49a4 2711->2751 2714->2708 2714->2711 2748 7ff63d9a3bbc 2714->2748 2715 7ff63d9a56a2 abort 2717 7ff63d9a5543 2720 
7ff63d9a5cf0 2717->2720 2718->2715 2718->2717 2804 7ff63d9a3ba8 2720->2804 2722 7ff63d9a5d40 __GSHandlerCheck_EH 2723 7ff63d9a5d72 2722->2723 2724 7ff63d9a5d5b 2722->2724 2726 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2723->2726 2725 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2724->2725 2727 7ff63d9a5d60 2725->2727 2728 7ff63d9a5d77 2726->2728 2729 7ff63d9a5fd0 abort 2727->2729 2730 7ff63d9a5d6a 2727->2730 2728->2730 2731 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2728->2731 2732 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2730->2732 2733 7ff63d9a5d82 2731->2733 2742 7ff63d9a5d96 __GSHandlerCheck_EH 2732->2742 2734 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2733->2734 2734->2730 2735 7ff63d9a5f92 2736 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2735->2736 2737 7ff63d9a5f97 2736->2737 2738 7ff63d9a5fa2 2737->2738 2739 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2737->2739 2740 7ff63d9a2660 __GSHandlerCheck_EH 8 API calls 2738->2740 2739->2738 2741 7ff63d9a5fb5 2740->2741 2741->2708 2742->2735 2807 7ff63d9a3bd0 2742->2807 2745 7ff63d9a368a 2744->2745 2746 7ff63d9a5cf0 __GSHandlerCheck_EH 19 API calls 2745->2746 2747 7ff63d9a36a5 2746->2747 2747->2708 2749 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2748->2749 2750 7ff63d9a3bc5 2749->2750 2750->2711 2752 7ff63d9a4a01 __GSHandlerCheck_EH 2751->2752 2753 7ff63d9a4a20 2752->2753 2754 7ff63d9a4a09 2752->2754 2756 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2753->2756 2755 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2754->2755 2764 7ff63d9a4a0e 2755->2764 2757 7ff63d9a4a25 2756->2757 2759 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2757->2759 2757->2764 2758 7ff63d9a4e99 abort 2760 7ff63d9a4a30 2759->2760 2761 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2760->2761 2761->2764 2762 7ff63d9a4b54 __GSHandlerCheck_EH 2763 7ff63d9a4def 2762->2763 2777 7ff63d9a4b90 __GSHandlerCheck_EH 2762->2777 2763->2758 2765 7ff63d9a4ded 2763->2765 2846 7ff63d9a4ea0 2763->2846 2764->2758 2764->2762 2766 7ff63d9a43d0 _CreateFrameInfo 10 API calls 
2764->2766 2767 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2765->2767 2768 7ff63d9a4ac0 2766->2768 2771 7ff63d9a4e30 2767->2771 2769 7ff63d9a4e37 2768->2769 2773 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2768->2773 2774 7ff63d9a2660 __GSHandlerCheck_EH 8 API calls 2769->2774 2771->2758 2771->2769 2772 7ff63d9a4dd4 __GSHandlerCheck_EH 2772->2765 2779 7ff63d9a4e81 2772->2779 2775 7ff63d9a4ad0 2773->2775 2776 7ff63d9a4e43 2774->2776 2778 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2775->2778 2776->2708 2777->2772 2790 7ff63d9a3bbc 10 API calls BuildCatchObjectHelperInternal 2777->2790 2824 7ff63d9a52d0 2777->2824 2838 7ff63d9a48d0 2777->2838 2780 7ff63d9a4ad9 2778->2780 2781 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2779->2781 2810 7ff63d9a3be8 2780->2810 2783 7ff63d9a4e86 2781->2783 2785 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2783->2785 2786 7ff63d9a4e8f terminate 2785->2786 2786->2758 2787 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2788 7ff63d9a4b16 2787->2788 2788->2762 2789 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2788->2789 2791 7ff63d9a4b22 2789->2791 2790->2777 2792 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2791->2792 2793 7ff63d9a4b2b 2792->2793 2813 7ff63d9a5fd8 2793->2813 2797 7ff63d9a4b3f 2820 7ff63d9a60c8 2797->2820 2799 7ff63d9a4e7b terminate 2799->2779 2801 7ff63d9a4b47 std::bad_alloc::bad_alloc __GSHandlerCheck_EH 2801->2799 2802 7ff63d9a3f84 Concurrency::cancel_current_task 2 API calls 2801->2802 2803 7ff63d9a4e7a 2802->2803 2803->2799 2805 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2804->2805 2806 7ff63d9a3bb1 2805->2806 2806->2722 2808 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2807->2808 2809 7ff63d9a3bde 2808->2809 2809->2742 2811 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2810->2811 2812 7ff63d9a3bf6 2811->2812 2812->2758 2812->2787 2814 7ff63d9a60bf abort 2813->2814 2817 7ff63d9a6003 2813->2817 2815 7ff63d9a4b3b 2815->2762 2815->2797 2816 7ff63d9a3bbc 10 API calls BuildCatchObjectHelperInternal 2816->2817 2817->2815 2817->2816 2818 
7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2817->2818 2862 7ff63d9a5190 2817->2862 2818->2817 2821 7ff63d9a6135 2820->2821 2823 7ff63d9a60e5 Is_bad_exception_allowed 2820->2823 2821->2801 2822 7ff63d9a3ba8 10 API calls Is_bad_exception_allowed 2822->2823 2823->2821 2823->2822 2825 7ff63d9a52fd 2824->2825 2836 7ff63d9a538d 2824->2836 2826 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2825->2826 2827 7ff63d9a5306 2826->2827 2828 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2827->2828 2829 7ff63d9a531f 2827->2829 2827->2836 2828->2829 2830 7ff63d9a534c 2829->2830 2831 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2829->2831 2829->2836 2832 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2830->2832 2831->2830 2833 7ff63d9a5360 2832->2833 2834 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2833->2834 2835 7ff63d9a5379 2833->2835 2833->2836 2834->2835 2837 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2835->2837 2836->2777 2837->2836 2839 7ff63d9a490d __GSHandlerCheck_EH 2838->2839 2840 7ff63d9a4933 2839->2840 2876 7ff63d9a480c 2839->2876 2842 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2840->2842 2843 7ff63d9a4945 2842->2843 2885 7ff63d9a3838 RtlUnwindEx 2843->2885 2847 7ff63d9a4ef4 2846->2847 2848 7ff63d9a5169 2846->2848 2849 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2847->2849 2850 7ff63d9a2660 __GSHandlerCheck_EH 8 API calls 2848->2850 2852 7ff63d9a4ef9 2849->2852 2851 7ff63d9a5175 2850->2851 2851->2765 2853 7ff63d9a4f0e EncodePointer 2852->2853 2855 7ff63d9a4f60 __GSHandlerCheck_EH 2852->2855 2854 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2853->2854 2857 7ff63d9a4f1e 2854->2857 2855->2848 2856 7ff63d9a5189 abort 2855->2856 2859 7ff63d9a4f82 __GSHandlerCheck_EH 2855->2859 2857->2855 2909 7ff63d9a34f8 2857->2909 2859->2848 2860 7ff63d9a48d0 __GSHandlerCheck_EH 21 API calls 2859->2860 2861 7ff63d9a3ba8 10 API calls Is_bad_exception_allowed 2859->2861 2860->2859 2861->2859 2863 7ff63d9a51bd 2862->2863 2875 
7ff63d9a524c 2862->2875 2864 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2863->2864 2865 7ff63d9a51c6 2864->2865 2866 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2865->2866 2867 7ff63d9a51df 2865->2867 2865->2875 2866->2867 2868 7ff63d9a520b 2867->2868 2869 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2867->2869 2867->2875 2870 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2868->2870 2869->2868 2871 7ff63d9a521f 2870->2871 2872 7ff63d9a5238 2871->2872 2873 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2871->2873 2871->2875 2874 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2872->2874 2873->2872 2874->2875 2875->2817 2877 7ff63d9a482f 2876->2877 2888 7ff63d9a4608 2877->2888 2879 7ff63d9a4840 2880 7ff63d9a4845 __AdjustPointer 2879->2880 2881 7ff63d9a4881 __AdjustPointer 2879->2881 2883 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2880->2883 2884 7ff63d9a4864 BuildCatchObjectHelperInternal 2880->2884 2882 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2881->2882 2881->2884 2882->2884 2883->2884 2884->2840 2886 7ff63d9a2660 __GSHandlerCheck_EH 8 API calls 2885->2886 2887 7ff63d9a394e 2886->2887 2887->2777 2889 7ff63d9a4635 2888->2889 2891 7ff63d9a463e 2888->2891 2890 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2889->2890 2890->2891 2892 7ff63d9a3ba8 Is_bad_exception_allowed 10 API calls 2891->2892 2893 7ff63d9a465d 2891->2893 2900 7ff63d9a46c2 __AdjustPointer BuildCatchObjectHelperInternal 2891->2900 2892->2893 2894 7ff63d9a46aa 2893->2894 2895 7ff63d9a46ca 2893->2895 2893->2900 2897 7ff63d9a47e9 abort abort 2894->2897 2894->2900 2896 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2895->2896 2899 7ff63d9a474a 2895->2899 2895->2900 2896->2899 2898 7ff63d9a480c 2897->2898 2902 7ff63d9a4608 BuildCatchObjectHelperInternal 10 API calls 2898->2902 2899->2900 2901 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2899->2901 2900->2879 2901->2900 2903 7ff63d9a4840 2902->2903 2904 
7ff63d9a4845 __AdjustPointer 2903->2904 2905 7ff63d9a4881 __AdjustPointer 2903->2905 2907 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2904->2907 2908 7ff63d9a4864 BuildCatchObjectHelperInternal 2904->2908 2906 7ff63d9a3bbc BuildCatchObjectHelperInternal 10 API calls 2905->2906 2905->2908 2906->2908 2907->2908 2908->2879 2910 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2909->2910 2911 7ff63d9a3524 2910->2911 2911->2855 2912 7ff63d9a5f75 2920 7ff63d9a5e35 __GSHandlerCheck_EH 2912->2920 2913 7ff63d9a5f92 2914 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2913->2914 2915 7ff63d9a5f97 2914->2915 2916 7ff63d9a5fa2 2915->2916 2917 7ff63d9a43d0 _CreateFrameInfo 10 API calls 2915->2917 2918 7ff63d9a2660 __GSHandlerCheck_EH 8 API calls 2916->2918 2917->2916 2919 7ff63d9a5fb5 2918->2919 2920->2913 2921 7ff63d9a3bd0 __GSHandlerCheck_EH 10 API calls 2920->2921 2921->2920 3034 7ff63d9a74a7 3037 7ff63d9a5cc0 3034->3037 3042 7ff63d9a5c38 3037->3042 3040 7ff63d9a5ce0 3041 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3041->3040 3043 7ff63d9a5ca3 3042->3043 3044 7ff63d9a5c5a 3042->3044 3043->3040 3043->3041 3044->3043 3045 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3044->3045 3045->3043 3046 7ff63d9a59ad 3047 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3046->3047 3048 7ff63d9a59ba 3047->3048 3049 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3048->3049 3051 7ff63d9a59c3 __GSHandlerCheck_EH 3049->3051 3050 7ff63d9a5a0a RaiseException 3052 7ff63d9a5a29 3050->3052 3051->3050 3053 7ff63d9a3b54 11 API calls 3052->3053 3056 7ff63d9a5a31 3053->3056 3054 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3055 7ff63d9a5a6d 3054->3055 3057 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3055->3057 3058 7ff63d9a4104 10 API calls 3056->3058 3060 7ff63d9a5a5a __GSHandlerCheck_EH 3056->3060 3059 7ff63d9a5a76 3057->3059 3058->3060 3061 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3059->3061 3060->3054 3062 7ff63d9a5a7f 3061->3062 3063 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3062->3063 3064 7ff63d9a5a8e 
3063->3064 2256 7ff63d9a27ec 2279 7ff63d9a2b8c 2256->2279 2259 7ff63d9a2943 2319 7ff63d9a2ecc IsProcessorFeaturePresent 2259->2319 2260 7ff63d9a280d 2262 7ff63d9a294d 2260->2262 2263 7ff63d9a282b __scrt_release_startup_lock 2260->2263 2264 7ff63d9a2ecc 7 API calls 2262->2264 2266 7ff63d9a2850 2263->2266 2268 7ff63d9a28d6 _get_initial_narrow_environment __p___argv __p___argc 2263->2268 2271 7ff63d9a28ce _register_thread_local_exe_atexit_callback 2263->2271 2265 7ff63d9a2958 2264->2265 2267 7ff63d9a2960 _exit 2265->2267 2285 7ff63d9a1060 2268->2285 2271->2268 2274 7ff63d9a2903 2275 7ff63d9a2908 _cexit 2274->2275 2276 7ff63d9a290d 2274->2276 2275->2276 2315 7ff63d9a2d20 2276->2315 2326 7ff63d9a316c 2279->2326 2282 7ff63d9a2805 2282->2259 2282->2260 2283 7ff63d9a2bbb __scrt_initialize_crt 2283->2282 2328 7ff63d9a404c 2283->2328 2286 7ff63d9a1386 2285->2286 2304 7ff63d9a10b4 2285->2304 2355 7ff63d9a1450 __acrt_iob_func 2286->2355 2288 7ff63d9a1399 2313 7ff63d9a3020 GetModuleHandleW 2288->2313 2289 7ff63d9a1289 2289->2286 2290 7ff63d9a129f 2289->2290 2360 7ff63d9a2688 2290->2360 2292 7ff63d9a1125 strcmp 2292->2304 2293 7ff63d9a12a9 2294 7ff63d9a12b9 GetTempPathA 2293->2294 2295 7ff63d9a1325 2293->2295 2296 7ff63d9a12e9 strcat_s 2294->2296 2297 7ff63d9a12cb GetLastError 2294->2297 2369 7ff63d9a23c0 2295->2369 2296->2295 2301 7ff63d9a1304 2296->2301 2300 7ff63d9a1450 6 API calls 2297->2300 2298 7ff63d9a1151 strcmp 2298->2304 2305 7ff63d9a12df GetLastError 2300->2305 2306 7ff63d9a1450 6 API calls 2301->2306 2303 7ff63d9a117d strcmp 2303->2304 2304->2289 2304->2292 2304->2298 2304->2303 2311 7ff63d9a1226 strcmp 2304->2311 2310 7ff63d9a1312 2305->2310 2306->2310 2307 7ff63d9a1344 __acrt_iob_func fflush __acrt_iob_func fflush 2307->2310 2310->2288 2311->2304 2312 7ff63d9a1239 atoi 2311->2312 2312->2304 2314 7ff63d9a28ff 2313->2314 2314->2265 2314->2274 2317 7ff63d9a2d31 __scrt_initialize_crt 2315->2317 2316 7ff63d9a2916 2316->2266 2317->2316 2318 7ff63d9a404c 
__scrt_initialize_crt 7 API calls 2317->2318 2318->2316 2320 7ff63d9a2ef2 2319->2320 2321 7ff63d9a2f11 RtlCaptureContext RtlLookupFunctionEntry 2320->2321 2322 7ff63d9a2f76 2321->2322 2323 7ff63d9a2f3a RtlVirtualUnwind 2321->2323 2324 7ff63d9a2fa8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 2322->2324 2323->2322 2325 7ff63d9a2ffa 2324->2325 2325->2262 2327 7ff63d9a2bae __scrt_dllmain_crt_thread_attach 2326->2327 2327->2282 2327->2283 2329 7ff63d9a405e 2328->2329 2330 7ff63d9a4054 2328->2330 2329->2282 2334 7ff63d9a44f4 2330->2334 2335 7ff63d9a4059 2334->2335 2336 7ff63d9a4503 2334->2336 2338 7ff63d9a6460 2335->2338 2342 7ff63d9a6630 2336->2342 2339 7ff63d9a648b 2338->2339 2340 7ff63d9a648f 2339->2340 2341 7ff63d9a646e DeleteCriticalSection 2339->2341 2340->2329 2341->2339 2346 7ff63d9a6498 2342->2346 2347 7ff63d9a65b2 TlsFree 2346->2347 2353 7ff63d9a64dc 2346->2353 2348 7ff63d9a650a LoadLibraryExW 2350 7ff63d9a6581 2348->2350 2351 7ff63d9a652b GetLastError 2348->2351 2349 7ff63d9a65a1 GetProcAddress 2349->2347 2350->2349 2352 7ff63d9a6598 FreeLibrary 2350->2352 2351->2353 2352->2349 2353->2347 2353->2348 2353->2349 2354 7ff63d9a654d LoadLibraryExW 2353->2354 2354->2350 2354->2353 2405 7ff63d9a1010 2355->2405 2357 7ff63d9a148a __acrt_iob_func 2408 7ff63d9a1000 2357->2408 2359 7ff63d9a14a2 __stdio_common_vfprintf __acrt_iob_func fflush 2359->2288 2363 7ff63d9a2690 2360->2363 2361 7ff63d9a26aa malloc 2362 7ff63d9a26b4 2361->2362 2361->2363 2362->2293 2363->2361 2364 7ff63d9a26ba 2363->2364 2365 7ff63d9a26c5 2364->2365 2410 7ff63d9a2b30 2364->2410 2414 7ff63d9a1720 2365->2414 2368 7ff63d9a26cb 2368->2293 2370 7ff63d9a2688 5 API calls 2369->2370 2371 7ff63d9a23f5 OpenProcess 2370->2371 2372 7ff63d9a2458 K32GetModuleBaseNameA 2371->2372 2373 7ff63d9a243b GetLastError 2371->2373 2375 7ff63d9a2470 GetLastError 2372->2375 2376 7ff63d9a2492 2372->2376 2374 7ff63d9a1450 6 API calls 2373->2374 2385 7ff63d9a2453 2374->2385 2378 7ff63d9a1450 6 API 
calls 2375->2378 2431 7ff63d9a1800 2376->2431 2380 7ff63d9a2484 CloseHandle 2378->2380 2380->2385 2381 7ff63d9a24ae 2384 7ff63d9a13c0 6 API calls 2381->2384 2382 7ff63d9a25b3 CloseHandle 2382->2385 2383 7ff63d9a25fa 2442 7ff63d9a2660 2383->2442 2386 7ff63d9a24cf CreateFileA 2384->2386 2385->2383 2387 7ff63d9a25f3 _invalid_parameter_noinfo_noreturn 2385->2387 2388 7ff63d9a250f GetLastError 2386->2388 2397 7ff63d9a2543 2386->2397 2387->2383 2390 7ff63d9a1450 6 API calls 2388->2390 2393 7ff63d9a2538 CloseHandle 2390->2393 2391 7ff63d9a2550 MiniDumpWriteDump 2394 7ff63d9a2576 GetLastError 2391->2394 2395 7ff63d9a258a CloseHandle CloseHandle 2391->2395 2393->2385 2394->2397 2398 7ff63d9a258c 2394->2398 2395->2385 2397->2391 2397->2395 2399 7ff63d9a1450 6 API calls 2398->2399 2399->2395 2400 7ff63d9a13c0 __acrt_iob_func 2401 7ff63d9a1010 fprintf __stdio_common_vfprintf 2400->2401 2402 7ff63d9a13fa __acrt_iob_func 2401->2402 2501 7ff63d9a1000 2402->2501 2404 7ff63d9a1412 __stdio_common_vfprintf __acrt_iob_func fflush 2404->2307 2409 7ff63d9a1000 2405->2409 2407 7ff63d9a1036 __stdio_common_vfprintf 2407->2357 2408->2359 2409->2407 2411 7ff63d9a2b3e std::bad_alloc::bad_alloc 2410->2411 2420 7ff63d9a3f84 2411->2420 2413 7ff63d9a2b4f 2415 7ff63d9a172e Concurrency::cancel_current_task 2414->2415 2416 7ff63d9a3f84 Concurrency::cancel_current_task 2 API calls 2415->2416 2417 7ff63d9a173f 2416->2417 2425 7ff63d9a3cc0 2417->2425 2421 7ff63d9a3fc0 RtlPcToFileHeader 2420->2421 2422 7ff63d9a3fa3 2420->2422 2423 7ff63d9a3fe7 RaiseException 2421->2423 2424 7ff63d9a3fd8 2421->2424 2422->2421 2423->2413 2424->2423 2426 7ff63d9a176d 2425->2426 2427 7ff63d9a3ce1 2425->2427 2426->2368 2427->2426 2427->2427 2428 7ff63d9a3cf6 malloc 2427->2428 2429 7ff63d9a3d23 free 2428->2429 2430 7ff63d9a3d07 2428->2430 2429->2426 2430->2429 2432 7ff63d9a1850 2431->2432 2433 7ff63d9a1863 WSAStartup 2431->2433 2435 7ff63d9a1450 6 API calls 2432->2435 2434 7ff63d9a185c 2433->2434 2438 7ff63d9a187f 2433->2438 
2436 7ff63d9a2660 __GSHandlerCheck_EH 8 API calls 2434->2436 2435->2434 2437 7ff63d9a1d87 2436->2437 2437->2381 2437->2382 2438->2434 2439 7ff63d9a1dd0 2438->2439 2451 7ff63d9a20c0 2438->2451 2440 7ff63d9a1450 6 API calls 2439->2440 2440->2434 2443 7ff63d9a2669 2442->2443 2444 7ff63d9a1334 2443->2444 2445 7ff63d9a29c0 IsProcessorFeaturePresent 2443->2445 2444->2307 2444->2400 2446 7ff63d9a29d8 2445->2446 2496 7ff63d9a2a94 RtlCaptureContext 2446->2496 2452 7ff63d9a20e9 2451->2452 2453 7ff63d9a2218 2451->2453 2455 7ff63d9a2144 2452->2455 2457 7ff63d9a2137 2452->2457 2458 7ff63d9a216c 2452->2458 2475 7ff63d9a17e0 2453->2475 2466 7ff63d9a2690 2455->2466 2456 7ff63d9a221d 2460 7ff63d9a1720 Concurrency::cancel_current_task 4 API calls 2456->2460 2457->2455 2457->2456 2462 7ff63d9a2690 5 API calls 2458->2462 2464 7ff63d9a2155 BuildCatchObjectHelperInternal 2458->2464 2463 7ff63d9a2223 2460->2463 2461 7ff63d9a21e0 _invalid_parameter_noinfo_noreturn 2465 7ff63d9a21d3 BuildCatchObjectHelperInternal 2461->2465 2462->2464 2464->2461 2464->2465 2465->2438 2467 7ff63d9a26aa malloc 2466->2467 2468 7ff63d9a26b4 2467->2468 2469 7ff63d9a269b 2467->2469 2468->2464 2469->2467 2470 7ff63d9a26ba 2469->2470 2471 7ff63d9a26c5 2470->2471 2472 7ff63d9a2b30 Concurrency::cancel_current_task 2 API calls 2470->2472 2473 7ff63d9a1720 Concurrency::cancel_current_task 4 API calls 2471->2473 2472->2471 2474 7ff63d9a26cb 2473->2474 2474->2464 2488 7ff63d9a34d4 2475->2488 2493 7ff63d9a33f8 2488->2493 2491 7ff63d9a3f84 Concurrency::cancel_current_task 2 API calls 2492 7ff63d9a34f6 2491->2492 2494 7ff63d9a3cc0 __std_exception_copy 2 API calls 2493->2494 2495 7ff63d9a342c 2494->2495 2495->2491 2497 7ff63d9a2aae RtlLookupFunctionEntry 2496->2497 2498 7ff63d9a2ac4 RtlVirtualUnwind 2497->2498 2499 7ff63d9a29eb 2497->2499 2498->2497 2498->2499 2500 7ff63d9a2984 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2499->2500 2501->2404 3065 7ff63d9a2700 3066 7ff63d9a2710 
3065->3066 3078 7ff63d9a2bd8 3066->3078 3068 7ff63d9a2ecc 7 API calls 3070 7ff63d9a27b5 3068->3070 3069 7ff63d9a2734 _RTC_Initialize 3076 7ff63d9a2797 3069->3076 3086 7ff63d9a2e64 InitializeSListHead 3069->3086 3076->3068 3077 7ff63d9a27a5 3076->3077 3079 7ff63d9a2c1b 3078->3079 3080 7ff63d9a2be9 3078->3080 3079->3069 3081 7ff63d9a2c58 3080->3081 3084 7ff63d9a2bee __scrt_release_startup_lock 3080->3084 3082 7ff63d9a2ecc 7 API calls 3081->3082 3083 7ff63d9a2c62 3082->3083 3084->3079 3085 7ff63d9a2c0b _initialize_onexit_table 3084->3085 3085->3079 2929 7ff63d9a1d39 2930 7ff63d9a1d40 2929->2930 2930->2930 2931 7ff63d9a2040 22 API calls 2930->2931 2933 7ff63d9a18a0 2930->2933 2931->2933 2932 7ff63d9a1d76 2934 7ff63d9a2660 __GSHandlerCheck_EH 8 API calls 2932->2934 2933->2932 2935 7ff63d9a1dd0 2933->2935 2938 7ff63d9a20c0 21 API calls 2933->2938 2937 7ff63d9a1d87 2934->2937 2936 7ff63d9a1450 6 API calls 2935->2936 2936->2932 2938->2933 2942 7ff63d9a733c _seh_filter_exe 3090 7ff63d9a7411 3091 7ff63d9a7495 3090->3091 3092 7ff63d9a7429 3090->3092 3092->3091 3093 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3092->3093 3094 7ff63d9a7476 3093->3094 3095 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3094->3095 3096 7ff63d9a748b terminate 3095->3096 3096->3091 2948 7ff63d9a1550 2949 7ff63d9a3d50 __std_exception_destroy free 2948->2949 2950 7ff63d9a1567 2949->2950 2943 7ff63d9a27d0 2947 7ff63d9a3074 SetUnhandledExceptionFilter 2943->2947 3097 7ff63d9a1510 3098 7ff63d9a3cc0 __std_exception_copy 2 API calls 3097->3098 3099 7ff63d9a1539 3098->3099 3103 7ff63d9a3090 3104 7ff63d9a30c4 3103->3104 3105 7ff63d9a30a8 3103->3105 3105->3104 3110 7ff63d9a41c0 3105->3110 3109 7ff63d9a30e2 3111 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3110->3111 3112 7ff63d9a30d6 3111->3112 3113 7ff63d9a41d4 3112->3113 3114 7ff63d9a43d0 _CreateFrameInfo 10 API calls 3113->3114 3115 7ff63d9a41dd 3114->3115 3115->3109 3116 7ff63d9a7090 3117 7ff63d9a70d2 __GSHandlerCheckCommon 3116->3117 3118 7ff63d9a70fa 
3117->3118 3120 7ff63d9a3d78 3117->3120 3121 7ff63d9a3da8 _IsNonwritableInCurrentImage __C_specific_handler __except_validate_context_record 3120->3121 3122 7ff63d9a3e99 3121->3122 3123 7ff63d9a3e64 RtlUnwindEx 3121->3123 3122->3118 3123->3121 3124 7ff63d9a7290 3125 7ff63d9a72b0 3124->3125 3126 7ff63d9a72a3 3124->3126 3127 7ff63d9a1e80 _invalid_parameter_noinfo_noreturn 3126->3127 3127->3125 2951 7ff63d9a48c7 abort

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: strcmp$ErrorLast__acrt_iob_funcfflush$PathTempatoistrcat_s
                                                  • String ID: -$-$-$-$-$-$-$--diag$--full$--name$--normal$--triage$--verbose$--withheap$Dump successfully written$GetTempPath failed (0x%08x)$createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn$dump.%p.dmp$full dump$minidump$minidump with heap$strcat_s failed (%d)$triage minidump$v
                                                  • API String ID: 2647627392-2367407095
                                                  • Opcode ID: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
                                                  • Instruction ID: f1064262f3a2d722bcc2f45728059d3d5214979cfb3877101f6005ad99ffbd4b
                                                  • Opcode Fuzzy Hash: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
                                                  • Instruction Fuzzy Hash: D2A15F63D0C68A55FB618FA0A4402B966A4EF46754F485135C94ED67DFFE3CE448E310

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: __p___argc__p___argv__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                                                  • String ID:
                                                  • API String ID: 2308368977-0

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
                                                  • String ID: [createdump]
                                                  • API String ID: 3735572767-2657508301

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 3140674995-0
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:

                                                  Control-flow Graph

                                                  APIs
                                                  • OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63D9A242D
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63D9A243B
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A1475
                                                    • Part of subcall function 00007FF63D9A1450: fprintf.MSPDB140-MSVCRT ref: 00007FF63D9A1485
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A1494
                                                    • Part of subcall function 00007FF63D9A1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14B3
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14BE
                                                    • Part of subcall function 00007FF63D9A1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14C7
                                                  • K32GetModuleBaseNameA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63D9A2466
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63D9A2470
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63D9A2487
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63D9A25F3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func$ErrorLast$BaseCloseHandleModuleNameOpenProcess__stdio_common_vfprintf_invalid_parameter_noinfo_noreturnfflushfprintf
                                                  • String ID: Get process name FAILED %d$Invalid dump path '%s' error %d$Invalid process id '%d' error %d$Write dump FAILED 0x%08x$Writing %s to file %s
                                                  • API String ID: 3971781330-1292085346

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: terminate$Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 695522112-393685449

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
                                                  • String ID: [createdump]
                                                  • API String ID: 3735572767-2657508301

                                                  Control-flow Graph

                                                  APIs
                                                  • WSAStartup.WS2_32 ref: 00007FF63D9A186C
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A1475
                                                    • Part of subcall function 00007FF63D9A1450: fprintf.MSPDB140-MSVCRT ref: 00007FF63D9A1485
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A1494
                                                    • Part of subcall function 00007FF63D9A1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14B3
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14BE
                                                    • Part of subcall function 00007FF63D9A1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14C7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func$Startup__stdio_common_vfprintffflushfprintf
                                                  • String ID: %%%%%%%%$%%%%%%%%$--name$Invalid dump name format char '%c'$Pipe syntax in dump name not supported
                                                  • API String ID: 3378602911-3973674938

                                                  Control-flow Graph

                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000000,00007FF63D9A669F,?,?,?,00007FF63D9A441E,?,?,?,00007FF63D9A43D9), ref: 00007FF63D9A651D
                                                  • GetLastError.KERNEL32(?,00000000,00007FF63D9A669F,?,?,?,00007FF63D9A441E,?,?,?,00007FF63D9A43D9,?,?,?,?,00007FF63D9A3524), ref: 00007FF63D9A652B
                                                  • LoadLibraryExW.KERNEL32(?,00000000,00007FF63D9A669F,?,?,?,00007FF63D9A441E,?,?,?,00007FF63D9A43D9,?,?,?,?,00007FF63D9A3524), ref: 00007FF63D9A6555
                                                  • FreeLibrary.KERNEL32(?,00000000,00007FF63D9A669F,?,?,?,00007FF63D9A441E,?,?,?,00007FF63D9A43D9,?,?,?,?,00007FF63D9A3524), ref: 00007FF63D9A659B
                                                  • GetProcAddress.KERNEL32(?,00000000,00007FF63D9A669F,?,?,?,00007FF63D9A441E,?,?,?,00007FF63D9A43D9,?,?,?,?,00007FF63D9A3524), ref: 00007FF63D9A65A7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                  • String ID: api-ms-
                                                  • API String ID: 2559590344-2084034818

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: _time64
                                                  • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                  • API String ID: 1670930206-4114407318

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: EncodePointerabort
                                                  • String ID: MOC$RCC
                                                  • API String ID: 1188231555-2084237596

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: __except_validate_context_recordabort
                                                  • String ID: csm$csm
                                                  • API String ID: 746414643-3733052814
                                                  • Opcode ID: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
                                                  • Instruction ID: 8949a9094afc97cf993ffcac0e7ecf3d945812f5da4d9bcc9d5add6304af4cae
                                                  • Opcode Fuzzy Hash: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
                                                  • Instruction Fuzzy Hash: D7719D33E086868ADBA08FA594506797BB1FB44B99F148135DA8D87BCAEF3CD451DB00

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                  • API String ID: 0-4114407318
                                                  • Opcode ID: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
                                                  • Instruction ID: 0359db0a243608361792a3fccffa7ccf349b48b34b49c3902cb4ce603538ff5a
                                                  • Opcode Fuzzy Hash: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
                                                  • Instruction Fuzzy Hash: 1051E323E18B8986E700CF69E4447AA67A5EB817D0F400135EA9D57BEEEF3DD045E700

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 2558813199-1018135373
                                                  • Opcode ID: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
                                                  • Instruction ID: 2812df05ed4e46440f45ecb32346531083690fc1209f1e1dd5fdb9082b071283
                                                  • Opcode Fuzzy Hash: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
                                                  • Instruction Fuzzy Hash: 8E518133A1874AC6D660EB65E54026E77B4F788B94F140534DB8D87B9AEF7CE460DB00
                                                  APIs
                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00007FF63D9A17EB
                                                  • WSAStartup.WS2_32 ref: 00007FF63D9A186C
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A1475
                                                    • Part of subcall function 00007FF63D9A1450: fprintf.MSPDB140-MSVCRT ref: 00007FF63D9A1485
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A1494
                                                    • Part of subcall function 00007FF63D9A1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14B3
                                                    • Part of subcall function 00007FF63D9A1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14BE
                                                    • Part of subcall function 00007FF63D9A1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63D9A14C7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func$StartupXinvalid_argument__stdio_common_vfprintffflushfprintfstd::_
                                                  • String ID: --name$Pipe syntax in dump name not supported$string too long
                                                  • API String ID: 1412700758-3183687674
                                                  • Opcode ID: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
                                                  • Instruction ID: 6ee79e6ac15421795128606a8383bd4f7509b2f3856b6066ecf8b28ba8eb230e
                                                  • Opcode Fuzzy Hash: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
                                                  • Instruction Fuzzy Hash: D5012823E089C9A5F7619F92EC417FA6350BB48794F400032EE0C5B79ADE3CD486C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastgethostname
                                                  • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                  • API String ID: 3782448640-4114407318
                                                  • Opcode ID: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
                                                  • Instruction ID: c09e2dccaeaa2439ab3a6cf9696aa2120a96bfc43131b010cac1d812d8a64586
                                                  • Opcode Fuzzy Hash: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
                                                  • Instruction Fuzzy Hash: 7C11EC13E0954A45F7499BA1A8507FA23909F857B4F002235D95FAB3DFFD3CD456A340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: terminate
                                                  • String ID: MOC$RCC$csm
                                                  • API String ID: 1821763600-2671469338
                                                  • Opcode ID: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
                                                  • Instruction ID: 2e4528e2e7bebdb67c18dd8111f71ae614f649c908318fb78954d3cdb9c83c6e
                                                  • Opcode Fuzzy Hash: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
                                                  • Instruction Fuzzy Hash: 98F08C37D0824EC1E7646BF1A64106C3264EF68B48F085431D70C863DBEF7CE4A0A602
                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(-3333333333333333,?,00000000,00007FF63D9A18EE), ref: 00007FF63D9A21E0
                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63D9A221E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                  • String ID: Invalid process id '%d' error %d
                                                  • API String ID: 73155330-4244389950
                                                  • Opcode ID: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
                                                  • Instruction ID: 81bbeed026057dfa8c41c663e45bdad41b0f3ada31bf99eb2f0e07639943df2d
                                                  • Opcode Fuzzy Hash: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
                                                  • Instruction Fuzzy Hash: 3E31F523F0978985EE148F9595442B963A1AB05BD0F581631DF5D4FBDEEE7CE260A300
                                                  APIs
                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF63D9A173F), ref: 00007FF63D9A3FC8
                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF63D9A173F), ref: 00007FF63D9A400E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.1940677908.00007FF63D9A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D9A0000, based on PE: true
                                                  • Associated: 00000009.00000002.1940505542.00007FF63D9A0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940697022.00007FF63D9A8000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940726847.00007FF63D9AC000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000009.00000002.1940756933.00007FF63D9AD000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_7ff63d9a0000_createdump.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFileHeaderRaise
                                                  • String ID: csm
                                                  • API String ID: 2573137834-1018135373
                                                  • Opcode ID: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
                                                  • Instruction ID: 4d1b59cf33b98c49adb5e33cfc223ee2c693b169ca88d1b58b209e67df052570
                                                  • Opcode Fuzzy Hash: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
                                                  • Instruction Fuzzy Hash: 61113D32E18B4582EB108B65F440269B7A0FB88B88F184230EE8D47B99EF3DD555C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$HandleModule
                                                  • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                  • API String ID: 667068680-295688737
                                                  • Opcode ID: 1a417b50dcafad6159ae4e9598c744832c3e05bb208c0b36a963ca790b9c9f82
                                                  • Instruction ID: 4df6ef6dd908e9ac89a443b0c3abb15ee60056be3b2d22db3c816af3f1eb7920
                                                  • Opcode Fuzzy Hash: 1a417b50dcafad6159ae4e9598c744832c3e05bb208c0b36a963ca790b9c9f82
                                                  • Instruction Fuzzy Hash: FFA187A8A09F0793FF049B55B8A816423A7FF49B85BA49035C84F4F634EF7CA159C390
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
                                                  • API String ID: 2943138195-2884338863
                                                  • Opcode ID: dfe3c345cf42f50a30eb54d6b673e306e5f826d7c41941afd65b24be17fee6d5
                                                  • Instruction ID: b6a26b9f7663ff31143d85902616c50452e36a479cdba093dd76eb91f61537e6
                                                  • Opcode Fuzzy Hash: dfe3c345cf42f50a30eb54d6b673e306e5f826d7c41941afd65b24be17fee6d5
                                                  • Instruction Fuzzy Hash: 3192B5B2B1CB8286E741DB15E4802BEB7A0FB84764F1011B6FA8D43AA9DF7CD554CB40
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 2003779279-1866435925
                                                  • Opcode ID: 625aac92204013468fe8223eb15e1ba7ebfd8b89c7a9e3aeafc43f7ef7cdf4cb
                                                  • Instruction ID: 557ba268821e123c69060fa1a0f4507362ed80d941e526980e5042449c03dd89
                                                  • Opcode Fuzzy Hash: 625aac92204013468fe8223eb15e1ba7ebfd8b89c7a9e3aeafc43f7ef7cdf4cb
                                                  • Instruction Fuzzy Hash: 12A26A22609B8982EF24CF19E4903A9B760FB89F91F548136DA8D4BB75DF7DD489C700
                                                  APIs
                                                  • memchr.VCRUNTIME140 ref: 00007FFE014230AA
                                                  • memchr.VCRUNTIME140 ref: 00007FFE01423470
                                                  • memchr.VCRUNTIME140 ref: 00007FFE014236A5
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0142410D
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01424114
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0142411B
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01424122
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01424129
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01424130
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01424137
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0142413E
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01424145
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0142414C
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014242D3
                                                    • Part of subcall function 00007FFE01401DA0: memmove.VCRUNTIME140(?,?,?,?,?,00007FFE013FC320), ref: 00007FFE01401DFB
                                                    • Part of subcall function 00007FFE01401DA0: memset.VCRUNTIME140(?,?,?,?,?,00007FFE013FC320), ref: 00007FFE01401E08
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$memchr$memmovememset
                                                  • String ID: 0123456789-
                                                  • API String ID: 3572500260-3850129594
                                                  • Opcode ID: d35c0aa2dbe6bef1c21aeadcae62e204cf145927830be9a549f55e2bcd8d03b6
                                                  • Instruction ID: 5dceff8b9885f9c8b9cb75c0bd9ae5eaa65d60152c9edb4773cd540e3e34e2ce
                                                  • Opcode Fuzzy Hash: d35c0aa2dbe6bef1c21aeadcae62e204cf145927830be9a549f55e2bcd8d03b6
                                                  • Instruction Fuzzy Hash: D2E2CB22A09A858AEB008F6AD4543BC37B1FB69B98F958131DA5E0B7F5CF7DD485C301
                                                  APIs
                                                    • Part of subcall function 00000001400078C0: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007901
                                                    • Part of subcall function 00000001400078C0: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 0000000140007920
                                                    • Part of subcall function 00000001400078C0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007954
                                                    • Part of subcall function 00000001400078C0: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 000000014000798B
                                                    • Part of subcall function 00000001400078C0: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00000001400079A5
                                                    • Part of subcall function 00000001400078C0: ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007A52
                                                    • Part of subcall function 00000001400078C0: ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007A5C
                                                  • OpenEventA.KERNEL32 ref: 00000001400083D0
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140008411
                                                  • OpenEventA.KERNEL32 ref: 0000000140008454
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140008495
                                                  • CloseHandle.KERNEL32 ref: 00000001400084B4
                                                    • Part of subcall function 0000000140007A80: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007AC1
                                                    • Part of subcall function 0000000140007A80: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 0000000140007AE0
                                                    • Part of subcall function 0000000140007A80: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007B14
                                                    • Part of subcall function 0000000140007A80: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 0000000140007B4B
                                                    • Part of subcall function 0000000140007A80: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 0000000140007B65
                                                    • Part of subcall function 0000000140007A80: ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007C12
                                                    • Part of subcall function 0000000140007A80: ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007C1C
                                                  • OpenFileMappingA.KERNEL32 ref: 00000001400084F4
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140008535
                                                  • CloseHandle.KERNEL32 ref: 0000000140008554
                                                  • CloseHandle.KERNEL32 ref: 0000000140008561
                                                  • MapViewOfFile.KERNEL32 ref: 0000000140008592
                                                  • CloseHandle.KERNEL32 ref: 00000001400085AB
                                                  • CloseHandle.KERNEL32 ref: 00000001400085B8
                                                  • CloseHandle.KERNEL32 ref: 00000001400085C5
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$CloseHandle$??6?$basic_ostream@V01@$Open_invalid_parameter_noinfo_noreturn$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@D@std@@@1@_EventFileV?$basic_streambuf@$MappingView
                                                  • String ID:
                                                  • API String ID: 1089015687-0
                                                  • Opcode ID: 4d9b3b5a05dfcd3b5adb74b265c387ef6eaa0f54ca24a06f19f44a4b42ba6f32
                                                  • Instruction ID: fd742db5588232a2ef73a73be7c7ffe6f8b637fdc8693f60d02eba1a373aa13c
                                                  • Opcode Fuzzy Hash: 4d9b3b5a05dfcd3b5adb74b265c387ef6eaa0f54ca24a06f19f44a4b42ba6f32
                                                  • Instruction Fuzzy Hash: 93613DB1210A4482FB17DB27F85539963A2BB8EBE4F404215FB9E4B7B6DE3DC1818700
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: File$CloseCreateHandleMappingView_invalid_parameter_noinfo_noreturnmemcpymemset$Unmap
                                                  • String ID:
                                                  • API String ID: 2074253140-0
                                                  • Opcode ID: 248562b180913051027df7d67dc26e8880a830f3431ddf242cd1cb9815f0a7d3
                                                  • Instruction ID: c383ff2e5a2ae1bd4c41fba5bb50c967b221784ccd91ddafc61d096c64d59825
                                                  • Opcode Fuzzy Hash: 248562b180913051027df7d67dc26e8880a830f3431ddf242cd1cb9815f0a7d3
                                                  • Instruction Fuzzy Hash: F471AA71305A4185FB22CB56F8907E973A2FB8DBD4F404225ABAD4B7B9DE3DC0818704
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: iswdigit$btowclocaleconv
                                                  • String ID: 0$0
                                                  • API String ID: 240710166-203156872
                                                  • Opcode ID: 6d10a43a2e0729525a5e450b2b58bb3a00705f545e81967332835754c66a4960
                                                  • Instruction ID: 4fdc607cc9020e3c6bcd55aa2cf4d305a6edeff264e7ee3c7d70554d3ce17969
                                                  • Opcode Fuzzy Hash: 6d10a43a2e0729525a5e450b2b58bb3a00705f545e81967332835754c66a4960
                                                  • Instruction Fuzzy Hash: E6811672A1854687E7219F25E85037E73A1FFA0B49F884135DB8E4A2B0EF7CE885C701
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0123456789-+Ee
                                                  • API String ID: 0-1347306980
                                                  • Opcode ID: eb32ccacec42567cb68557178e27677abe53c2207ecc5e66019c7fa00c927496
                                                  • Instruction ID: f68a261bd852d8f837c0e19ed4911de76981db4691d01db98844451a9c533627
                                                  • Opcode Fuzzy Hash: eb32ccacec42567cb68557178e27677abe53c2207ecc5e66019c7fa00c927496
                                                  • Instruction Fuzzy Hash: 2FC2CE26A09AC58AEB51AF69D05427C37A1FB01F84F559039DA5E2F7B1CF3DE866C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memchr$isdigit$localeconv
                                                  • String ID: 0$0123456789abcdefABCDEF
                                                  • API String ID: 1981154758-1185640306
                                                  • Opcode ID: 7f4d3f4cda3057e8bb873c227443bc4d4481c724c8c1a0508f868d6b310f8973
                                                  • Instruction ID: 294fd90076718d61af4f632cad438c69aeb58fcfc34e97b1e8f6545b4ebef35b
                                                  • Opcode Fuzzy Hash: 7f4d3f4cda3057e8bb873c227443bc4d4481c724c8c1a0508f868d6b310f8973
                                                  • Instruction Fuzzy Hash: 94914C22A0C5A647FB258F24E81037E7B91FB55B48F989034DE8E4BA75DA3CE885C741
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memchr$_invalid_parameter_noinfo_noreturn$localeconv
                                                  • String ID: 0123456789ABCDEFabcdef-+XxPp
                                                  • API String ID: 2141594249-3606100449
                                                  • Opcode ID: e41ac7df23ae4e47cc8235113ca0bfaf537e11f38443c942c12ae7e9b511fdcc
                                                  • Instruction ID: db4e984a9c263695f3a8ba49362045eedbc53c1fd2a1040ae74319e0a808f2bd
                                                  • Opcode Fuzzy Hash: e41ac7df23ae4e47cc8235113ca0bfaf537e11f38443c942c12ae7e9b511fdcc
                                                  • Instruction Fuzzy Hash: 2DD29D22A09AC58AEB51AF6AD19417C3761FB41F84B568039DB5E2F7B1CF3DE856C300
                                                  APIs
                                                  • _Find_elem.LIBCPMT ref: 00007FFE01412C08
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014135B9
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014135C0
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014135C7
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01413776
                                                    • Part of subcall function 00007FFE01401DA0: memmove.VCRUNTIME140(?,?,?,?,?,00007FFE013FC320), ref: 00007FFE01401DFB
                                                    • Part of subcall function 00007FFE01401DA0: memset.VCRUNTIME140(?,?,?,?,?,00007FFE013FC320), ref: 00007FFE01401E08
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Find_elemmemmovememset
                                                  • String ID: 0123456789-
                                                  • API String ID: 2779821303-3850129594
                                                  • Opcode ID: 8b22372819934a5f3343a781071aa47f52bcb789ae67cf9bb87e88e050bf4df3
                                                  • Instruction ID: 79c48f54706bb3c3d8fe017bab2531652ffed459b54e8975a928d315b9107b19
                                                  • Opcode Fuzzy Hash: 8b22372819934a5f3343a781071aa47f52bcb789ae67cf9bb87e88e050bf4df3
                                                  • Instruction Fuzzy Hash: 27E2BD26A19A958AEB508F29D09067D3BB5FF44B94F649036EE4E4B7B4CF7CD881C700
                                                  APIs
                                                  • _Find_elem.LIBCPMT ref: 00007FFE01411660
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01412011
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01412018
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0141201F
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014121CE
                                                    • Part of subcall function 00007FFE01401DA0: memmove.VCRUNTIME140(?,?,?,?,?,00007FFE013FC320), ref: 00007FFE01401DFB
                                                    • Part of subcall function 00007FFE01401DA0: memset.VCRUNTIME140(?,?,?,?,?,00007FFE013FC320), ref: 00007FFE01401E08
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Find_elemmemmovememset
                                                  • String ID: 0123456789-
                                                  • API String ID: 2779821303-3850129594
                                                  • Opcode ID: 8f17ecccf26e5bf9b8486391f160b62f5bd052ff72dc6714c9cd1cb8630ff85f
                                                  • Instruction ID: 5c694c9f278c5933c7cdab3e7e0cb9f3f1712e437ee6d40e25514ed737c9c78a
                                                  • Opcode Fuzzy Hash: 8f17ecccf26e5bf9b8486391f160b62f5bd052ff72dc6714c9cd1cb8630ff85f
                                                  • Instruction Fuzzy Hash: DCE25B26A19A9586EB508F29D0906BD3BA5FB44F84F549036EF4E4BBB5CF3DD881C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: iswdigit$localeconv
                                                  • String ID: 0$0$0123456789abcdefABCDEF
                                                  • API String ID: 2634821343-613610638
                                                  • Opcode ID: ef6e88c2ac66dbb2dc6f71add4529d20562eeee7ef954e087c575f318f21fae7
                                                  • Instruction ID: a36eb8b20c31605d4ec5c381886602c534c567d89fe72b762ea0012c6a386fe2
                                                  • Opcode Fuzzy Hash: ef6e88c2ac66dbb2dc6f71add4529d20562eeee7ef954e087c575f318f21fae7
                                                  • Instruction Fuzzy Hash: C9810662E0855687EB258F24D85067E77A1FB64B44F888131DF8E4B6B4EB3CE885C781
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Findmemmove$CloseFileFirst_invalid_parameter_noinfo_noreturnwcscpy_s
                                                  • String ID: .$.
                                                  • API String ID: 479945582-3769392785
                                                  • Opcode ID: a01e0a977a9af12dc1c55ee5378fd02f318c79ea85c08ca58cd526e5b6b49644
                                                  • Instruction ID: 8275e18b30337a806bee0acb97c89ac6f28bcb3c1c654e6afb6dbbf6f28341cc
                                                  • Opcode Fuzzy Hash: a01e0a977a9af12dc1c55ee5378fd02f318c79ea85c08ca58cd526e5b6b49644
                                                  • Instruction Fuzzy Hash: 3641A222A1868186EB20EF65E8447B97361FB847A4F514235EBAD2B7E4DF7CD485CB00
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0123456789-+Ee
                                                  • API String ID: 0-1347306980
                                                  • Opcode ID: 61169c13199ed3d4064c93d2927a221ce72fd01a5b7481abd011cde4234e52e5
                                                  • Instruction ID: 8d055d28b228897768d62d149e83ee2d30a5676b3d6d8254119562ae02dcef01
                                                  • Opcode Fuzzy Hash: 61169c13199ed3d4064c93d2927a221ce72fd01a5b7481abd011cde4234e52e5
                                                  • Instruction Fuzzy Hash: C9C26D2AA09A4686EB668F5AD05017D37A1FB54F84B948439DE4E0F7B0CF3DECA5D304
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0123456789-+Ee
                                                  • API String ID: 0-1347306980
                                                  • Opcode ID: 84a532bee9db7ff1801f6eb5ad8858bda123076906ee73766687b81cab70c0c4
                                                  • Instruction ID: 8c56d474226868440dbefd95ca10d49721b9bd82947f2d71860e8869346fa0f2
                                                  • Opcode Fuzzy Hash: 84a532bee9db7ff1801f6eb5ad8858bda123076906ee73766687b81cab70c0c4
                                                  • Instruction Fuzzy Hash: 68C26C36A09A42C6EB628F9AD19017D3761FB44B84B949179DE4E0B7B0CF3DECA5D700
                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014165AB
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0141663D
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014166E0
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01416B9C
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01416BEE
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01416C35
                                                    • Part of subcall function 00007FFE0141EBA4: memmove.VCRUNTIME140(?,?,?,?,?,00007FFE0140923E), ref: 00007FFE0141EC08
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$memmove
                                                  • String ID:
                                                  • API String ID: 15630516-0
                                                  • Opcode ID: e7c5cf994c53a8d34ab9bbf7dabb86085dad5b0e8b7200d4631a4a7f83e36980
                                                  • Instruction ID: 78d0c767cc6aef04b28ef4b82da5f093593601aaf8168ed9f3edc2fd46092fe2
                                                  • Opcode Fuzzy Hash: e7c5cf994c53a8d34ab9bbf7dabb86085dad5b0e8b7200d4631a4a7f83e36980
                                                  • Instruction Fuzzy Hash: FF529162A18B8586EB10CF29D4442BD6761FB84B98F519131EF8D1BBB9EF7CE584C340
                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01416EF7
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01416F89
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0141702C
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014174E8
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0141753A
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01417581
                                                    • Part of subcall function 00007FFE0141EBA4: memmove.VCRUNTIME140(?,?,?,?,?,00007FFE0140923E), ref: 00007FFE0141EC08
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$memmove
                                                  • String ID:
                                                  • API String ID: 15630516-0
                                                  • Opcode ID: 0ed4efa0e723ec66b9d32ca45bc00d48bf62a8002029bc65276bd7ef6197e338
                                                  • Instruction ID: 748e48816144f59f553dfeed9376feca39e37365202c8ee98ff7e6f20934d904
                                                  • Opcode Fuzzy Hash: 0ed4efa0e723ec66b9d32ca45bc00d48bf62a8002029bc65276bd7ef6197e338
                                                  • Instruction Fuzzy Hash: AE527062A18B8586EB10CF29D4442BD7761FB84B99F519132EB8D0BBB5EF3CE585C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrow$MemoryRecycle@Recycler@allocator@dvacore@@$_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 1799700165-0
                                                  • Opcode ID: 1e0f847dc2a3782aeec25429ae73e6995e61774d856b1c67513bc286b7878ef0
                                                  • Instruction ID: 3a6b280c2881091f38a62e61b74d670a019ca3ad59059a788fa850ef2ffa55ac
                                                  • Opcode Fuzzy Hash: 1e0f847dc2a3782aeec25429ae73e6995e61774d856b1c67513bc286b7878ef0
                                                  • Instruction Fuzzy Hash: D52112B5611A80CAE71DEE37A8523EA1362E79C7C4F149536BF594FAAEDE31C4218340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$localeconv
                                                  • String ID: 0123456789ABCDEFabcdef-+XxPp
                                                  • API String ID: 1825414929-3606100449
                                                  • Opcode ID: ddd61782d9e4402da2bcb03becf798ae66cc8a3793171496245683449c1d3606
                                                  • Instruction ID: 267eae5ab12513735773ca69f8d10b63c73a63b502ed64d25f08d25bbd7a9c0d
                                                  • Opcode Fuzzy Hash: ddd61782d9e4402da2bcb03becf798ae66cc8a3793171496245683449c1d3606
                                                  • Instruction Fuzzy Hash: 4FD23826A09A8686EB568FDAD09017C3361FB54F84B549039DE5E0B7B4CF3DEC9AD310
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$localeconv
                                                  • String ID: 0123456789ABCDEFabcdef-+XxPp
                                                  • API String ID: 1825414929-3606100449
                                                  • Opcode ID: a2c3201d2fc563089677c4d096e338824b1e6b1947c9be9f1e037a0ad47d033a
                                                  • Instruction ID: a0691aeee1927ac17dff4f9d2aaff7f225d043045f6fb6d4fc975eee95b5f54d
                                                  • Opcode Fuzzy Hash: a2c3201d2fc563089677c4d096e338824b1e6b1947c9be9f1e037a0ad47d033a
                                                  • Instruction Fuzzy Hash: 30D25926A09A4686EB528F9AD19017C3761FB40F84B549839DF5E1B7B0CF3DECA6D310
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
                                                  • String ID:
                                                  • API String ID: 1326169664-0
                                                  • Opcode ID: 783457af80c481001cb1b660d8feb6d32373102862bcd1e22f858f5bb513e186
                                                  • Instruction ID: 15e3bb1d1e740cde8be907a6ea62339ac50dc69c79779b2982dc86070a051ca5
                                                  • Opcode Fuzzy Hash: 783457af80c481001cb1b660d8feb6d32373102862bcd1e22f858f5bb513e186
                                                  • Instruction Fuzzy Hash: CFE15B22B19B5686EB11DFA6D4401AC73B2FB48B98B514136DE4D2BBB9DF3CD54AC300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
                                                  • String ID:
                                                  • API String ID: 1326169664-0
                                                  • Opcode ID: c9b269725f1782d793a8576024f372466b88fd7c981d9a4f9aba4a5e47c554f3
                                                  • Instruction ID: 3c6fbb5760a0435cd1b2de23b39ed78b4ee84ecf8d135b80596b324515fa34f0
                                                  • Opcode Fuzzy Hash: c9b269725f1782d793a8576024f372466b88fd7c981d9a4f9aba4a5e47c554f3
                                                  • Instruction Fuzzy Hash: 7DE15C22B09B5686FB11DBA6D4401AC7372FB48B98B51413ADE4D1BBB9DF3CD84AC300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$memchr
                                                  • String ID: 0123456789ABCDEFabcdef-+Xx
                                                  • API String ID: 2740501399-2799312399
                                                  • Opcode ID: 334d7375eb303fb89c7eac9aa9134fe4ac750cac4b38891268b2b9077aa0e199
                                                  • Instruction ID: fdf844f9999b0aa64c981cf4e1719c09e3a2cc4450d4874ea3da9a76e1629970
                                                  • Opcode Fuzzy Hash: 334d7375eb303fb89c7eac9aa9134fe4ac750cac4b38891268b2b9077aa0e199
                                                  • Instruction Fuzzy Hash: C052AF22B09AC68AFB519F29D05027C37A1BB05B84B568439DE5D2F7B5CF3DE866D300
                                                  APIs
                                                    • Part of subcall function 00007FFE01427600: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FFE013F3887,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFE0142760F
                                                    • Part of subcall function 00007FFE013FF6B0: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00007FFE01424C66,?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE66), ref: 00007FFE013FF6FC
                                                  • _W_Gettnames.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE77), ref: 00007FFE01415F35
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE77), ref: 00007FFE01415F4A
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE77), ref: 00007FFE01415F58
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$Gettnames_lock_localesrealloc
                                                  • String ID:
                                                  • API String ID: 3705959680-0
                                                  • Opcode ID: 7ad6bab48188330933ca28c44cb2edb3a07c4697b0200e124c8200cfab4ddd97
                                                  • Instruction ID: 911489c45996b86c180fcf0db2ace2aa41c70c0d3ebd91cae5acb811dd4c36aa
                                                  • Opcode Fuzzy Hash: 7ad6bab48188330933ca28c44cb2edb3a07c4697b0200e124c8200cfab4ddd97
                                                  • Instruction Fuzzy Hash: 6E821762E09B4285FB56DF25E8402B937A1FF95B84F844135EA0E5E3B6EF3CE4818744
                                                  APIs
                                                    • Part of subcall function 00007FFE01427600: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FFE013F3887,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFE0142760F
                                                    • Part of subcall function 00007FFE013FF6B0: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00007FFE01424C66,?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE66), ref: 00007FFE013FF6FC
                                                  • _W_Gettnames.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE88), ref: 00007FFE01415245
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE88), ref: 00007FFE0141525A
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE88), ref: 00007FFE01415268
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$Gettnames_lock_localesrealloc
                                                  • String ID:
                                                  • API String ID: 3705959680-0
                                                  • Opcode ID: 0ef1217963bc5369e530805c846e4e35e9f3bfe495b111f51aa893b008085351
                                                  • Instruction ID: b126b822032464e2610a96b727943718053427825fae5298d6aa3abb964c4528
                                                  • Opcode Fuzzy Hash: 0ef1217963bc5369e530805c846e4e35e9f3bfe495b111f51aa893b008085351
                                                  • Instruction Fuzzy Hash: 75821961E09B4285FB52DF25D8502B937A6BF94B84F894135EA0E5F3B6EF3CE4818740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ErrorFormatLastMessage
                                                  • String ID: GetLastError() = 0x%X
                                                  • API String ID: 3479602957-3384952017
                                                  APIs
                                                    • Part of subcall function 00007FFE01421E70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE01421F72
                                                    • Part of subcall function 00007FFE01427600: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FFE013F3887,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFE0142760F
                                                  • _Gettnames.API-MS-WIN-CRT-TIME-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE66,?,?,?,?,?,?,?,00007FFE013FF7E7), ref: 00007FFE01424BCF
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE66,?,?,?,?,?,?,?,00007FFE013FF7E7), ref: 00007FFE01424BE4
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00007FFE013FFE66,?,?,?,?,?,?,?,00007FFE013FF7E7), ref: 00007FFE01424BF3
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$Gettnames_invalid_parameter_noinfo_noreturn_lock_locales
                                                  • String ID:
                                                  • API String ID: 962949324-0
                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014146ED
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE0141473B
                                                    • Part of subcall function 00007FFE0141EBA4: memmove.VCRUNTIME140(?,?,?,?,?,00007FFE0140923E), ref: 00007FFE0141EC08
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$memmove
                                                  • String ID:
                                                  • API String ID: 15630516-0
                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014142AD
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE014142FB
                                                    • Part of subcall function 00007FFE0141EBA4: memmove.VCRUNTIME140(?,?,?,?,?,00007FFE0140923E), ref: 00007FFE0141EC08
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$memmove
                                                  • String ID:
                                                  • API String ID: 15630516-0
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnmemset
                                                  • String ID:
                                                  • API String ID: 1654775311-0
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnmemset
                                                  • String ID:
                                                  • API String ID: 1654775311-0
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: DiskFreeSpace_invalid_parameter_noinfo_noreturnmemcpymemmove
                                                  • String ID:
                                                  • API String ID: 1762017149-0
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: InfoLocale___lc_locale_name_func
                                                  • String ID:
                                                  • API String ID: 3366915261-0
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _lock_locales
                                                  • String ID:
                                                  • API String ID: 3756862740-0
                                                  APIs
                                                  • memset.VCRUNTIME140 ref: 000000014000475B
                                                    • Part of subcall function 0000000140002D40: memcmp.VCRUNTIME140 ref: 0000000140002DFA
                                                    • Part of subcall function 0000000140002D40: memcmp.VCRUNTIME140 ref: 0000000140002E4B
                                                    • Part of subcall function 0000000140002D40: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140002EA0
                                                  • ?RationalApproximation@utility@dvacore@@YA?AV?$rational@H@boost@@N@Z.DVACORE ref: 0000000140004866
                                                    • Part of subcall function 00000001400054B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00000001400055FA
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140004A15
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$memcmp$Approximation@utility@dvacore@@H@boost@@RationalV?$rational@memset
                                                  • String ID: brightness$camera_firmware_version$camera_id$channel_mask$clip_id$contrast$digital_gain_blue$digital_gain_green$digital_gain_red$exposure_compensation$exposure_time$framerate_denominator$framerate_numerator$genlock_setting$gmt_date$gmt_time$iso$jamsync_setting$local_date$local_time$pixel_aspect_ratio$reel_id_full$sample_size$samplerate$saturation$sensor_id$sensor_name$shutter_degrees$shutter_fractions$shutter_phase_offset$user_timecode_preference$white_balance_kelvin$white_balance_tint
                                                  • API String ID: 2423274481-1946953090
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                  • API String ID: 2943138195-1388207849
                                                  • Opcode ID: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
                                                  • Instruction ID: 1f676d6e16aa6a2699a040e0f9f6b17905a11fcb78648cf4b936e6efe7ab4705
                                                  • Opcode Fuzzy Hash: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
                                                  • Instruction Fuzzy Hash: 3EF19DB2F08E1294F755AB66C8442BC26B0BB01F64F4449F7CA1D97AB9DF3DA664C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: `anonymous namespace'
                                                  • API String ID: 2943138195-3062148218
                                                  • Opcode ID: c36001f134547c1fc12f70ffa9b86d35a9d04869d0c52a2f257cd9dd74f3dfc9
                                                  • Instruction ID: aa17e701eec8a89f978f16ee0dc0f4f9a748a799287ea09d2532b3a749971802
                                                  • Opcode Fuzzy Hash: c36001f134547c1fc12f70ffa9b86d35a9d04869d0c52a2f257cd9dd74f3dfc9
                                                  • Instruction Fuzzy Hash: 90E17AB2B08B8295EB10EF66E8801BD77B0FB44B68F4481B6EA4D57B65DF38D564C700
                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00000001400026F4
                                                  • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140002732
                                                  • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 000000014000274E
                                                  • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140002782
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z.MSVCP140 ref: 00000001400027D4
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00000001400028A8
                                                  • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00000001400028DE
                                                  • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00000001400028FA
                                                  • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 000000014000292E
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z.MSVCP140 ref: 000000014000295A
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140002A28
                                                  • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140002A68
                                                  • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140002A72
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??6?$basic_ostream@D@std@@@1@@V01@V?$basic_streambuf@$??1?$basic_ios@??1?$basic_iostream@
                                                  • String ID: (
                                                  • API String ID: 703713002-3887548279
                                                  • Opcode ID: a51e6f4afcc7f66459f51ae41447ee0f1922736adf109acdab199dd96ca4b6be
                                                  • Instruction ID: baf078011914228b1285121be46ed74d2e86fc5146668a69ad3868f5cbe279a1
                                                  • Opcode Fuzzy Hash: a51e6f4afcc7f66459f51ae41447ee0f1922736adf109acdab199dd96ca4b6be
                                                  • Instruction Fuzzy Hash: 38D18DB2214B8495EB11CF6AE4903EE7761F789BD4F509206EB8E57BA9DF39C085C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Library$ByteCharErrorLastLoadMultiWide$AddressFreeProc
                                                  • String ID: [NOT FOUND ] %s
                                                  • API String ID: 2350601386-3340296899
                                                  • Opcode ID: 74af81471f36da6b6365bd660f41594699afc067cfa6bc1a7de6de52f9e3c134
                                                  • Instruction ID: 89755aee4be5230680617513bdac96f2938001ccf8c1f4c7198f5862e1eb9078
                                                  • Opcode Fuzzy Hash: 74af81471f36da6b6365bd660f41594699afc067cfa6bc1a7de6de52f9e3c134
                                                  • Instruction Fuzzy Hash: 84B1BE32605B9481FB169B26E54039D6761F788BE4F048615FBE90BBE6DFBAC5D0C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID:
                                                  • API String ID: 2943138195-0
                                                  • Opcode ID: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
                                                  • Instruction ID: e92beea8d233fa579ddbbb0a83636ca7f0e9fab178687b9a742e8b7c7f0520f8
                                                  • Opcode Fuzzy Hash: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
                                                  • Instruction Fuzzy Hash: 54F18AB2F08B829AE701EF66D4901FC37B1EB04B58F4480F2EA4D57AA5DE38D569C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: __scrt_fastfail__scrt_is_nonwritable_in_current_image$__p___argc__p___argv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                                                  • String ID:
                                                  • API String ID: 1818695170-0
                                                  • Opcode ID: 376eebb4fb24d29e766b84f712808a5b8edd27bee4d2d60ba3f24bdb6ed9fe8a
                                                  • Instruction ID: 023b0e87761b9852ca56ff973ea6cc8ec164607202ff5c8f9f76f90c0a7f0558
                                                  • Opcode Fuzzy Hash: 376eebb4fb24d29e766b84f712808a5b8edd27bee4d2d60ba3f24bdb6ed9fe8a
                                                  • Instruction Fuzzy Hash: BA315E3120520192FA5BEB67E5223E927A1AB9D7C4F444025BB994F2F7DE7FC805C351
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
                                                  • API String ID: 2943138195-2309034085
                                                  • Opcode ID: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
                                                  • Instruction ID: ecb21210ebae98f05e1b43257bdc6b7954e0f60bbfdf2b840741a93ab9fa900a
                                                  • Opcode Fuzzy Hash: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
                                                  • Instruction Fuzzy Hash: 8FE19EA2F08E0295FB15FB66C9541BC27A0AF05F64F5401F7CA8D17AB9DE3CA56AC340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcmp$_invalid_parameter_noinfo_noreturn$clockmemcpymemset
                                                  • String ID: B8RB$MRDH$SideCarLut$flip_horizontal$flip_vertical
                                                  • API String ID: 140832405-680935841
                                                  • Opcode ID: 06e9629a2ab99d5d42601c21e60ac14b59a54217acd9ff7d7e9bc23951a6eb62
                                                  • Instruction ID: 18037ac5236aebefbc83965bda8a7e26ab6d0ca403e2fb1aff30bf3622b6eda0
                                                  • Opcode Fuzzy Hash: 06e9629a2ab99d5d42601c21e60ac14b59a54217acd9ff7d7e9bc23951a6eb62
                                                  • Instruction Fuzzy Hash: BD2270B2605BC485EB22DF2AE8413E93364F799798F449215EB9C5B7A6EF35C285C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Frame$BlockEstablisherHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 3436797354-393685449
                                                  • Opcode ID: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
                                                  • Instruction ID: a6d83e2dcd125bfbc972fd24c4e86497a2278a726ab0540f8e308fdf58788eba
                                                  • Opcode Fuzzy Hash: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
                                                  • Instruction Fuzzy Hash: F2D15FB2B08B4186EB50AF66D4502BD77A4FB45FA8F0401B6EE4D57769CF38E5A4C700
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$__strncntfreemalloc$CompareInfoString
                                                  • String ID:
                                                  • API String ID: 3420081407-0
                                                  • Opcode ID: 64d7a9ff75df126491a65f553c0043b706980527a23c7bc451daead7a4e39c18
                                                  • Instruction ID: f4588367c80a70311fb496792d0b497f31fbce1798604a99e838af66e09d7a63
                                                  • Opcode Fuzzy Hash: 64d7a9ff75df126491a65f553c0043b706980527a23c7bc451daead7a4e39c18
                                                  • Instruction Fuzzy Hash: D4A1B162A086C2C6FF31AF2094107BB6692EF04BA4F454639DE5D2E7E5DF7CE8488340
                                                  APIs
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0140A87E), ref: 00007FFE01406971
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0140A87E), ref: 00007FFE0140698E
                                                  • _Maklocstr.LIBCPMT ref: 00007FFE014069AA
                                                  • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0140A87E), ref: 00007FFE014069B3
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0140A87E), ref: 00007FFE014069D0
                                                  • _Maklocstr.LIBCPMT ref: 00007FFE014069EC
                                                  • _Maklocstr.LIBCPMT ref: 00007FFE01406A01
                                                    • Part of subcall function 00007FFE013F4D50: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D72
                                                    • Part of subcall function 00007FFE013F4D50: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D98
                                                    • Part of subcall function 00007FFE013F4D50: memcpy.VCRUNTIME140(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4DB0
                                                  Strings
                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFE01406999
                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFE014069DB
                                                  • :AM:am:PM:pm, xrefs: 00007FFE014069FA
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                  • API String ID: 2460671452-35662545
                                                  • Opcode ID: bc039ad66d0ba42197648aeba787bff5dcb880db238b08c6fd2b2a1d39ca72aa
                                                  • Instruction ID: 6fc0ecaf11e29c266c4eb9242793c18c24ef1462f9275c2fa64a8a7e0099d474
                                                  • Opcode Fuzzy Hash: bc039ad66d0ba42197648aeba787bff5dcb880db238b08c6fd2b2a1d39ca72aa
                                                  • Instruction Fuzzy Hash: 85213C72A08F4182EB01DF25E4502A973A2FB98F84F458235DA4D4B776EF3CE595C380
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiStringWide$freemalloc$__strncnt
                                                  • String ID:
                                                  • API String ID: 1733283546-0
                                                  • Opcode ID: 42a443d3de6e803021fa83b4e3d70fb260ce748b00c348d1738fd123bc224fca
                                                  • Instruction ID: f3720c1b52b1a7f1b507ef972acd566c79e7636e4666c2bc111df6e799b42706
                                                  • Opcode Fuzzy Hash: 42a443d3de6e803021fa83b4e3d70fb260ce748b00c348d1738fd123bc224fca
                                                  • Instruction Fuzzy Hash: 30919032A08B82C7EB249F51D44077A67A1FB44BA4F554239EA5D6FBE8DF7CE4458300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Xp_setw$Xp_setn$Xp_addx$Stofltisspaceisxdigit
                                                  • String ID:
                                                  • API String ID: 3166507417-0
                                                  • Opcode ID: eeccd80a1772d7853a0270f4fe0b41f7ed1c8d30b934100b37c1b0e1ad83ab26
                                                  • Instruction ID: b3e2560a6667ff7b24a38bdf76836af04701b456d5d14642d5bb4b5760f7902a
                                                  • Opcode Fuzzy Hash: eeccd80a1772d7853a0270f4fe0b41f7ed1c8d30b934100b37c1b0e1ad83ab26
                                                  • Instruction Fuzzy Hash: F5618322F086529AFB10DFA2D4801FD2761AB6874CF904536DE0D6BAB5DE3CE58EC701
                                                  APIs
                                                  • SetDllDirectoryW.KERNEL32 ref: 000000014000721A
                                                  • ?AppDir@Dir@filesupport@dvacore@@SA?AV123@XZ.DVACORE ref: 0000000140007225
                                                  • ?FullPath@Dir@filesupport@dvacore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$SBAAllocator@_W@allocator@dvacore@@@std@@XZ.DVACORE ref: 0000000140007236
                                                  • ?UTF16to8@string@dvacore@@YA?AV?$basic_string@EU?$char_traits@E@std@@U?$SBAAllocator@E@allocator@dvacore@@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$SBAAllocator@_W@allocator@dvacore@@@4@@Z.DVACORE ref: 0000000140007245
                                                  • ?Dispose@SmallBlockAllocator@allocator@dvacore@@YAXPEAX_K@Z.DVACORE ref: 0000000140007275
                                                  • ?Dispose@SmallBlockAllocator@allocator@dvacore@@YAXPEAX_K@Z.DVACORE ref: 00000001400072A6
                                                  • ??1Dir@filesupport@dvacore@@QEAA@XZ.DVACORE ref: 00000001400072B6
                                                  • atoi.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 0000000140007362
                                                  • atoi.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 0000000140007372
                                                  • ??1Dir@filesupport@dvacore@@QEAA@XZ.DVACORE ref: 000000014000738A
                                                    • Part of subcall function 0000000140008300: WaitForMultipleObjects.KERNEL32 ref: 0000000140008346
                                                    • Part of subcall function 0000000140008300: ResetEvent.KERNEL32 ref: 0000000140008355
                                                    • Part of subcall function 0000000140007850: UnmapViewOfFile.KERNEL32 ref: 0000000140007859
                                                    • Part of subcall function 0000000140007850: CloseHandle.KERNEL32 ref: 0000000140007866
                                                    • Part of subcall function 0000000140007850: UnmapViewOfFile.KERNEL32 ref: 0000000140007873
                                                    • Part of subcall function 0000000140007850: CloseHandle.KERNEL32 ref: 0000000140007880
                                                    • Part of subcall function 0000000140007850: CloseHandle.KERNEL32 ref: 000000014000788D
                                                    • Part of subcall function 0000000140007850: CloseHandle.KERNEL32 ref: 000000014000789A
                                                  • ??1Dir@filesupport@dvacore@@QEAA@XZ.DVACORE ref: 00000001400073F6
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Dir@filesupport@dvacore@@$CloseHandle$Allocator@_Allocator@allocator@dvacore@@BlockDispose@FileSmallU?$char_traits@_UnmapV?$basic_string@_ViewW@std@@atoi$Allocator@Dir@DirectoryE@allocator@dvacore@@@std@@E@std@@EventF16to8@string@dvacore@@FullMultipleObjectsPath@ResetU?$char_traits@V123@V?$basic_string@W@allocator@dvacore@@@4@@W@allocator@dvacore@@@std@@Wait
                                                  • String ID:
                                                  • API String ID: 2702579277-0
                                                  • Opcode ID: 437ed10fbc8756fbf1e60dd43fbd6bfbe9c17f37ca66854ce1b2d6d7d99f9aed
                                                  • Instruction ID: 4e02132fa2518a481f17a5c3ad5963577c23686a774b89ce01035fe16d76d46e
                                                  • Opcode Fuzzy Hash: 437ed10fbc8756fbf1e60dd43fbd6bfbe9c17f37ca66854ce1b2d6d7d99f9aed
                                                  • Instruction Fuzzy Hash: 09618EB2608A4082FB12CB26F8947EA67A2F78EBD0F505121FB9D476B5DF3DC5498700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 2003779279-1866435925
                                                  • Opcode ID: a4a40e9eea858fd0c97179975c5d6148b429b4e8a5f5b1eede2254ca8e2c8e71
                                                  • Instruction ID: d5f32a1580af344c128eb07461130b0a780cb29a97cd89ada5afa2f6e8f6ecc6
                                                  • Opcode Fuzzy Hash: a4a40e9eea858fd0c97179975c5d6148b429b4e8a5f5b1eede2254ca8e2c8e71
                                                  • Instruction Fuzzy Hash: 2F91A022A18A4A82EF64DF19E4913B97761FB80F88F548036CA4E4B7B5DF7DD446C300
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                  • API String ID: 0-3207858774
                                                  • Opcode ID: 6f458657f8fae6e2f2557f40169539ea56a3e6fb73d2116d9b83691f1491e61c
                                                  • Instruction ID: 39fa4b15e6ae35a8a47f191e89300ea927501442fc37c2752eba87970adc2b12
                                                  • Opcode Fuzzy Hash: 6f458657f8fae6e2f2557f40169539ea56a3e6fb73d2116d9b83691f1491e61c
                                                  • Instruction Fuzzy Hash: 64919EA2B08E8699EB20EB62D4411B877B1AB45FA4F5881F3DA5D033B5DF3CE565C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+$Name::operator+=
                                                  • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                  • API String ID: 179159573-1464470183
                                                  • Opcode ID: 2fc61dd6c602e97fa3c1e55ca06bd20aebc659b0b394667bc2b1a0081ee2f141
                                                  • Instruction ID: 723a31083c13f433bf19b98db3c0aab2968863a39aaade657d1a71d5e50b633f
                                                  • Opcode Fuzzy Hash: 2fc61dd6c602e97fa3c1e55ca06bd20aebc659b0b394667bc2b1a0081ee2f141
                                                  • Instruction Fuzzy Hash: 91517BB1F08B5299FB14EB66E8451BC37B0BB04BA8F5401B6EA0D53A68DF39E561C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Xp_setw$Xp_setn$Xp_addx$iswspaceiswxdigit
                                                  • String ID:
                                                  • API String ID: 3781602613-0
                                                  • Opcode ID: e17196f95cdb0749357bc000aa5b227375a42e0ffcdbd2e50a85470c023663fa
                                                  • Instruction ID: 1d3eafeb9c56c4d7017c071ec4c2bbd9ff6b52b09cff560f3f9c7092ce2512f9
                                                  • Opcode Fuzzy Hash: e17196f95cdb0749357bc000aa5b227375a42e0ffcdbd2e50a85470c023663fa
                                                  • Instruction Fuzzy Hash: 62615122F085429AF721DFA2D4812FD2761EB64748F904536DE0D6BAB5DE3CE58EC701
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID:
                                                  • API String ID: 2943138195-0
                                                  • Opcode ID: 28d39e64d2900046752fe00e0d170ae61e4b908a297697eb59c3c366de5be272
                                                  • Instruction ID: 439b831f61ccae05f7a44ed936508f326a15a1e937358132dc6aa78a7b56779b
                                                  • Opcode Fuzzy Hash: 28d39e64d2900046752fe00e0d170ae61e4b908a297697eb59c3c366de5be272
                                                  • Instruction Fuzzy Hash: F36162A2F04B5698FB01EBA2D8801FC37B1BB44B68F4044B6DE4D6BA69EF78D555C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 211107550-393685449
                                                  • Opcode ID: 1f2c6e9c8ad6c1917ecaa8d6efe9c468c91fc9baef10e6d9588306a72b9f3ebc
                                                  • Instruction ID: d4ff39ab3bb3689019bd4ef037047d19d5f0395cf0da8221d9ec773b6a6d2b04
                                                  • Opcode Fuzzy Hash: 1f2c6e9c8ad6c1917ecaa8d6efe9c468c91fc9baef10e6d9588306a72b9f3ebc
                                                  • Instruction Fuzzy Hash: F9E1A3B2B08A818AE720AF36D4902BD7BA1FB44F68F1441B6DA9D47765DF38E495C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memchrtolower$_errnoisspace
                                                  • String ID: 0$0123456789abcdefghijklmnopqrstuvwxyz
                                                  • API String ID: 3508154992-2692187688
                                                  • Opcode ID: fec665214cfe3d47a35b6191644bb1773cefb00ebec378436a90ee3c0f6bd372
                                                  • Instruction ID: ea714a6a99bd1aefc24bf811c340c45e514dab14f22a4f16681f19b7f96581aa
                                                  • Opcode Fuzzy Hash: fec665214cfe3d47a35b6191644bb1773cefb00ebec378436a90ee3c0f6bd372
                                                  • Instruction Fuzzy Hash: 1751FA12A0D7D246FB618F2499143BD6691BB55BE4FB84030CE9D4FBB5DE3CA882C712
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                  • API String ID: 2943138195-2239912363
                                                  • Opcode ID: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
                                                  • Instruction ID: dba6580a2a57267591f59c3b4abd74c52651be419f6ee4b04271c7b9a41a2285
                                                  • Opcode Fuzzy Hash: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
                                                  • Instruction Fuzzy Hash: 585149A2F08F4598FB51EBA2D8412BC77B0BB08B64F4441F7CA4D526A5EF7C9065CB10
                                                  APIs
                                                  • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007901
                                                  • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 0000000140007920
                                                  • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007954
                                                    • Part of subcall function 00000001400074F0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007593
                                                    • Part of subcall function 00000001400074F0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007677
                                                    • Part of subcall function 00000001400074F0: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000767E
                                                    • Part of subcall function 00000001400074F0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000768A
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 000000014000798B
                                                    • Part of subcall function 00000001400074F0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 00000001400075E6
                                                    • Part of subcall function 00000001400074F0: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 0000000140007608
                                                    • Part of subcall function 00000001400074F0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007629
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00000001400079A5
                                                  • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007A52
                                                  • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007A5C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@?sputc@?$basic_streambuf@V01@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@D@std@@@1@_Osfx@?$basic_ostream@V12@V?$basic_streambuf@
                                                  • String ID: ImptRED_CEvent_
                                                  • API String ID: 2242036409-942587184
                                                  • Opcode ID: 557c14cbb82c01860ffad337f226fd7406777ec9e2df2431951664573931bf9d
                                                  • Instruction ID: 9b405900c275d478bf9193c59fc3990d56eeb31e22b03c6e117ca8d8066cf312
                                                  • Opcode Fuzzy Hash: 557c14cbb82c01860ffad337f226fd7406777ec9e2df2431951664573931bf9d
                                                  • Instruction Fuzzy Hash: 1D519AB2204B8096EB11CB6AE89079E7B70F389B98F504111EF8D57BA9DF3DC549CB00
                                                  APIs
                                                  • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007E41
                                                  • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 0000000140007E60
                                                  • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007E94
                                                    • Part of subcall function 00000001400074F0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007593
                                                    • Part of subcall function 00000001400074F0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007677
                                                    • Part of subcall function 00000001400074F0: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000767E
                                                    • Part of subcall function 00000001400074F0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000768A
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 0000000140007ECB
                                                    • Part of subcall function 00000001400074F0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 00000001400075E6
                                                    • Part of subcall function 00000001400074F0: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 0000000140007608
                                                    • Part of subcall function 00000001400074F0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007629
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 0000000140007EE5
                                                  • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007F92
                                                  • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007F9C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@?sputc@?$basic_streambuf@V01@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@D@std@@@1@_Osfx@?$basic_ostream@V12@V?$basic_streambuf@
                                                  • String ID: ImptRED_SEvent_
                                                  • API String ID: 2242036409-1609572862
                                                  • Opcode ID: d112ca771eb2ea79db8c006b322dd33d38b974d4ce4bed7cb3b18525a6c5e379
                                                  • Instruction ID: 8a97eb910a4fcdb6b4de6865597d3f36b8df7ed7ebbeccb018c797ebbaee1b0b
                                                  • Opcode Fuzzy Hash: d112ca771eb2ea79db8c006b322dd33d38b974d4ce4bed7cb3b18525a6c5e379
                                                  • Instruction Fuzzy Hash: 15519A72204B8096EB11CB6AE8907AE7B70F389B98F504111EF8D17BA8DF3DC549CB40
                                                  APIs
                                                  • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007AC1
                                                  • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 0000000140007AE0
                                                  • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007B14
                                                    • Part of subcall function 00000001400074F0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007593
                                                    • Part of subcall function 00000001400074F0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007677
                                                    • Part of subcall function 00000001400074F0: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000767E
                                                    • Part of subcall function 00000001400074F0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000768A
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 0000000140007B4B
                                                    • Part of subcall function 00000001400074F0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 00000001400075E6
                                                    • Part of subcall function 00000001400074F0: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 0000000140007608
                                                    • Part of subcall function 00000001400074F0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007629
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 0000000140007B65
                                                  • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007C12
                                                  • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007C1C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@?sputc@?$basic_streambuf@V01@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@D@std@@@1@_Osfx@?$basic_ostream@V12@V?$basic_streambuf@
                                                  • String ID: ImptRED_CmdMap_
                                                  • API String ID: 2242036409-3276274529
                                                  • Opcode ID: eb72b4b9c3728dda12df250c988d7f9d49db028f0d6767484122c5dd21b42268
                                                  • Instruction ID: 80f30c22282736ca9dbe0986c54b36137faedd7c3a9fa85d2e807ed86ae44cad
                                                  • Opcode Fuzzy Hash: eb72b4b9c3728dda12df250c988d7f9d49db028f0d6767484122c5dd21b42268
                                                  • Instruction Fuzzy Hash: BC518972204B8096EB11CB6AE8907DE7B70F389B98F504111EF8D17BA8DF79C449CB00
                                                  APIs
                                                  • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007C81
                                                  • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 0000000140007CA0
                                                  • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 0000000140007CD4
                                                    • Part of subcall function 00000001400074F0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007593
                                                    • Part of subcall function 00000001400074F0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007677
                                                    • Part of subcall function 00000001400074F0: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000767E
                                                    • Part of subcall function 00000001400074F0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000768A
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 0000000140007D0B
                                                    • Part of subcall function 00000001400074F0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 00000001400075E6
                                                    • Part of subcall function 00000001400074F0: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 0000000140007608
                                                    • Part of subcall function 00000001400074F0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007629
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 0000000140007D25
                                                  • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007DD2
                                                  • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 0000000140007DDC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@?sputc@?$basic_streambuf@V01@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@D@std@@@1@_Osfx@?$basic_ostream@V12@V?$basic_streambuf@
                                                  • String ID: ImptRED_DMap_
                                                  • API String ID: 2242036409-2879874026
                                                  • Opcode ID: 24b51fecd5f2a7e452d15f5c53ef0673e248089cf4209326baeba089d217b960
                                                  • Instruction ID: 0bc148500ed73b7892a49071eae52613f37d732fbc5d9ce32192ec441dd01905
                                                  • Opcode Fuzzy Hash: 24b51fecd5f2a7e452d15f5c53ef0673e248089cf4209326baeba089d217b960
                                                  • Instruction Fuzzy Hash: F9518BB2204B4096EB11CB56E8807AE7B70F789B98F504116EF8D17BA8DF7DC549CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 1099746521-1866435925
                                                  • Opcode ID: cfb082ff85bf210e1d9c1e71ef6406b4313e61eef1ad4e5204bd3149fde2de6c
                                                  • Instruction ID: 906b499b5c6fd16a29edcf86ca7eb8a1217bf44ff731c96d7a8a3406cc29dcbb
                                                  • Opcode Fuzzy Hash: cfb082ff85bf210e1d9c1e71ef6406b4313e61eef1ad4e5204bd3149fde2de6c
                                                  • Instruction Fuzzy Hash: 4A21F5A1E1958A96FF54EB10E8837F92322EF50740F98443AD58E1E5B6EF2DE54AC340
                                                  APIs
                                                    • Part of subcall function 0000000140002D40: memcmp.VCRUNTIME140 ref: 0000000140002DFA
                                                    • Part of subcall function 0000000140002D40: memcmp.VCRUNTIME140 ref: 0000000140002E4B
                                                    • Part of subcall function 0000000140002D40: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140002EA0
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000001400050DF
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140005233
                                                    • Part of subcall function 00000001400054B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00000001400055FA
                                                  • memcmp.VCRUNTIME140 ref: 00000001400052B4
                                                  • memcmp.VCRUNTIME140 ref: 0000000140005325
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00000001400053DA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnmemcmp$strcmp
                                                  • String ID: MRDH$SideCarLut
                                                  • API String ID: 916663099-3852011117
                                                  • Opcode ID: 608b0a0c66fbb98f29b68c1b5e97cf3bfbb6c06cba486352861d6329e8aabb8d
                                                  • Instruction ID: 38950fd8b35224f21f2e144008351fd49fe11793fcade85143d264d05d5c62af
                                                  • Opcode Fuzzy Hash: 608b0a0c66fbb98f29b68c1b5e97cf3bfbb6c06cba486352861d6329e8aabb8d
                                                  • Instruction Fuzzy Hash: 4DD192B2204A8496EB62DF26E8843DE2761F74A7D5F841212FB5D4BAF6EF74C645C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 2003779279-1866435925
                                                  • Opcode ID: df26b54dcd2e7818783b48fec88ebffc83092775aeb9705f64e37e9dcb953063
                                                  • Instruction ID: 4ba8893faf807f1f1ad577847dbc6b5fdd41119bc0d3ced61992d9ad6cc883b5
                                                  • Opcode Fuzzy Hash: df26b54dcd2e7818783b48fec88ebffc83092775aeb9705f64e37e9dcb953063
                                                  • Instruction Fuzzy Hash: 78619D22A08A8686EF64DF19E4913B96761FF80F89F548136CA4E4B7B5DF7DD446C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowfputwcfwritestd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 1428583292-1866435925
                                                  • Opcode ID: 125ebd58732ec9439b0c4b251e07eb1884b141fda17910a2e50d74977be254b2
                                                  • Instruction ID: 0e771680fa94b85d8f644288c44d8d82c871c1432b329babdd3ad2b5524fb7bc
                                                  • Opcode Fuzzy Hash: 125ebd58732ec9439b0c4b251e07eb1884b141fda17910a2e50d74977be254b2
                                                  • Instruction Fuzzy Hash: 10717D72619A82D6EB51CF66E4802A933A0FB44B88F894036EB4D4BBB5DF3DD955C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                  • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                  • API String ID: 1852475696-928371585
                                                  • Opcode ID: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
                                                  • Instruction ID: bf3c5928af7a4f54e96b48b622f0f3e575d0c6bfc1b8b3c3d21e3a7c1f9013cd
                                                  • Opcode Fuzzy Hash: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
                                                  • Instruction Fuzzy Hash: 6351BFA2B09E4692EE20EB66E4902B9A3A0FF44FA4F4444F3DA5D43675DF3CE525C301
                                                  APIs
                                                  • std::ios_base::failure::failure.LIBCPMT ref: 00007FFE014398D3
                                                  • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE0142C678), ref: 00007FFE014398E4
                                                  • std::ios_base::failure::failure.LIBCPMT ref: 00007FFE01439927
                                                  • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE0142C678), ref: 00007FFE01439938
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 2003779279-1866435925
                                                  • Opcode ID: 8f60f0c0fd1a51c4b62bc7d7b3fa713865788f1410f6822034779dd9d7d35d98
                                                  • Instruction ID: b1959b1d913e132410ef4697aa88504056e5d74880b6ae8d49394b8075051df3
                                                  • Opcode Fuzzy Hash: 8f60f0c0fd1a51c4b62bc7d7b3fa713865788f1410f6822034779dd9d7d35d98
                                                  • Instruction Fuzzy Hash: B9617B22A18A46C2EB68CF19E4913B96760FF80F98F458036CA4E4B3B5DFADD446C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memchrtolower$_errnoisspace
                                                  • String ID: 0123456789abcdefghijklmnopqrstuvwxyz
                                                  • API String ID: 3508154992-4256519037
                                                  • Opcode ID: c356680aea4f1b098ce2d85b3c2bc8858b80ca078cd62f0c13bf77b308a48d91
                                                  • Instruction ID: 6c23253563a7be9212e220d0779ed1e82e2213a77c069c1800a2b0f6d9e8d94e
                                                  • Opcode Fuzzy Hash: c356680aea4f1b098ce2d85b3c2bc8858b80ca078cd62f0c13bf77b308a48d91
                                                  • Instruction Fuzzy Hash: C6512822A0D69646FB618E20E42077D7691BF65B98F994034DD8D8B7B4DF3CE882C712
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+$Name::operator+=
                                                  • String ID: {for
                                                  • API String ID: 179159573-864106941
                                                  • Opcode ID: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
                                                  • Instruction ID: 9842e773e3412af4cf65e0198cabaf7c1106b0f0c0d1e2616a1ce861183a0ec5
                                                  • Opcode Fuzzy Hash: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
                                                  • Instruction Fuzzy Hash: 08515BB2B08A85A9E711AF26C4413FC77A1EB44B68F4480F2EA5C47BA9DF7CD560C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 2003779279-1866435925
                                                  • Opcode ID: ca645f53885124775f2be7063501f64d58a7152d6be094203c98a7d7be5ee4ae
                                                  • Instruction ID: 787fe88f534caeddeb85b322243a91f45219a100c4cb62fb1db474d0fe8ef787
                                                  • Opcode Fuzzy Hash: ca645f53885124775f2be7063501f64d58a7152d6be094203c98a7d7be5ee4ae
                                                  • Instruction Fuzzy Hash: C75180A2A08A8982EF50EF19D4C02B9A361FF44F98F554536DA5D9B7B9DF3CD846C300
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A456A6B,?,?,00000000,00007FFE1A45689C,?,?,?,?,00007FFE1A4565E5), ref: 00007FFE1A456931
                                                  • GetLastError.KERNEL32(?,?,?,00007FFE1A456A6B,?,?,00000000,00007FFE1A45689C,?,?,?,?,00007FFE1A4565E5), ref: 00007FFE1A45693F
                                                  • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE1A456A6B,?,?,00000000,00007FFE1A45689C,?,?,?,?,00007FFE1A4565E5), ref: 00007FFE1A456958
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A456A6B,?,?,00000000,00007FFE1A45689C,?,?,?,?,00007FFE1A4565E5), ref: 00007FFE1A45696A
                                                  • FreeLibrary.KERNEL32(?,?,?,00007FFE1A456A6B,?,?,00000000,00007FFE1A45689C,?,?,?,?,00007FFE1A4565E5), ref: 00007FFE1A4569B0
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FFE1A456A6B,?,?,00000000,00007FFE1A45689C,?,?,?,?,00007FFE1A4565E5), ref: 00007FFE1A4569BC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                  • String ID: api-ms-
                                                  • API String ID: 916704608-2084034818
                                                  • Opcode ID: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
                                                  • Instruction ID: 9efc9f075a334c014589cfccaaa18e5d51a6d937fe9a4bc18af7f42151a37550
                                                  • Opcode Fuzzy Hash: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
                                                  • Instruction Fuzzy Hash: 9131AF61B1AF8291EE11AB07A8001B5A2A4BF48FB0F5945B7DD2D4B7A4EF3CE164C700
                                                  APIs
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE01421309
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE01421326
                                                  • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE0142134B
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE01421368
                                                    • Part of subcall function 00007FFE013F4D50: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D72
                                                    • Part of subcall function 00007FFE013F4D50: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D98
                                                    • Part of subcall function 00007FFE013F4D50: memcpy.VCRUNTIME140(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4DB0
                                                  Strings
                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFE01421331
                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFE01421373
                                                  • :AM:am:PM:pm, xrefs: 00007FFE01421392
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                  • API String ID: 1539549574-35662545
                                                  • Opcode ID: 10fedc6cf8b271c653acab5ff3af7f7baa33902e39f74547f85e4552edfb1042
                                                  • Instruction ID: 3db0a7b9ad755819336767602133b0c53061a66b95ffb94ddd5373a997c9c6b9
                                                  • Opcode Fuzzy Hash: 10fedc6cf8b271c653acab5ff3af7f7baa33902e39f74547f85e4552edfb1042
                                                  • Instruction Fuzzy Hash: F2213E76A04B8582EB10DF21E4402A973A2FB98F94F498635DA4D5B776EF3CE585C380
                                                  APIs
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE01406A5E
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE01406A7B
                                                  • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE01406A9B
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE01406AB8
                                                    • Part of subcall function 00007FFE013F4DD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4DF9
                                                    • Part of subcall function 00007FFE013F4DD0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4E28
                                                    • Part of subcall function 00007FFE013F4DD0: memcpy.VCRUNTIME140(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4E3F
                                                  Strings
                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFE01406AC3
                                                  • :AM:am:PM:pm, xrefs: 00007FFE01406AD4
                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFE01406A86
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                  • API String ID: 1539549574-3743323925
                                                  • Opcode ID: 147ff19c228d385071215598088683fcc7037ecf54d145b5104d8f1094f74a55
                                                  • Instruction ID: dd3629450851faaafa474d19ec1713f4e9ec68baf489643368e3c8f767a6cab0
                                                  • Opcode Fuzzy Hash: 147ff19c228d385071215598088683fcc7037ecf54d145b5104d8f1094f74a55
                                                  • Instruction Fuzzy Hash: F2214A22A08B4682EB20DF21F454269B3B1FB99B94F414234DA4E4B7B6EF7CE484C740
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: abort$AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1501936508-0
                                                  • Opcode ID: ad7bbbe6b4c289a22ae1e43e79ef4439cf3ee9b14764b2eff01f06dd25f3f236
                                                  • Instruction ID: 642b842a912d40fdf9c2c957ef8f5295bb4b61aa26bc49168820bcaec06eb6e7
                                                  • Opcode Fuzzy Hash: ad7bbbe6b4c289a22ae1e43e79ef4439cf3ee9b14764b2eff01f06dd25f3f236
                                                  • Instruction Fuzzy Hash: 4B5190A1F09E4382FA69AB57944427867A4AF44FB4F0985F7EA4E073A4DF3CE4618300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: abort$AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1501936508-0
                                                  • Opcode ID: d386002f74db6febb42ef9b4bac4e43e25a554ab645870d9c47f674d5a84533b
                                                  • Instruction ID: 6d06171c758477a8a6816760c24ef9a9f669ee0236d58f4a38a19748238d5f76
                                                  • Opcode Fuzzy Hash: d386002f74db6febb42ef9b4bac4e43e25a554ab645870d9c47f674d5a84533b
                                                  • Instruction Fuzzy Hash: 1A518FE2B09F4282EA65EB17954463863A4AF54FA4F0544F7EA4E077B4DF3CE861C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Xp_setn$Xp_addx$Stofltisspaceisxdigit
                                                  • String ID:
                                                  • API String ID: 578106097-0
                                                  • Opcode ID: 031fdb0fd8573f0e151f958ea64a4ecea4735ba7c269578f79036d3a0c02e00a
                                                  • Instruction ID: 6a947751c457a589d1951ce27fa929038d86b3a9fcbb4a6c0a43430abe1945da
                                                  • Opcode Fuzzy Hash: 031fdb0fd8573f0e151f958ea64a4ecea4735ba7c269578f79036d3a0c02e00a
                                                  • Instruction Fuzzy Hash: 2961E622F1C65286EB11DF61E4805BE6720FBA4748F904132EE4E5B7B5DE3CD58AC701
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Xp_setn$Xp_addx$Stofltisspaceisxdigit
                                                  • String ID:
                                                  • API String ID: 578106097-0
                                                  • Opcode ID: 2bde4d66b639f73dabc1d452e0e8b595216b0374bc4e16fb8a4ea73805052ec2
                                                  • Instruction ID: 953b296227c860e83b26a9282d5c13a3550bc1d568f9eac4751fa27584986e61
                                                  • Opcode Fuzzy Hash: 2bde4d66b639f73dabc1d452e0e8b595216b0374bc4e16fb8a4ea73805052ec2
                                                  • Instruction Fuzzy Hash: 5161E222B1CA5282E711DF61E4806FE6760FFA5348F900536EE4E1B6B5DE3CE58AC701
                                                  APIs
                                                    • Part of subcall function 000000014000BC30: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,000000014000B330), ref: 000000014000BC8F
                                                    • Part of subcall function 000000014000BC30: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,000000014000B330), ref: 000000014000BCAE
                                                    • Part of subcall function 000000014000C8A0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 000000014000C98E
                                                  • memcpy.VCRUNTIME140 ref: 000000014000C3C8
                                                  • memcpy.VCRUNTIME140 ref: 000000014000C427
                                                    • Part of subcall function 0000000140009FD0: memcpy.VCRUNTIME140 ref: 000000014000A0B6
                                                    • Part of subcall function 0000000140009FD0: memcpy.VCRUNTIME140 ref: 000000014000A0C4
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014000C52F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcpy$__acrt_iob_func__stdio_common_vfprintf_invalid_parameter_noinfo_noreturn
                                                  • String ID: REDR3D-x64.dll$[LOAD PATH ] %s$[TEST TEST] IGNORING REDIRECT %s
                                                  • API String ID: 1244713665-103080910
                                                  • Opcode ID: ddc8c4655f835ded4f700a1b1333232acfafde412f7d4c62f4e22de029a9f3a9
                                                  • Instruction ID: cfd617ef930489ab8aca6008b2e9167fc097850ba9bca21f1b358ae0caa8a91c
                                                  • Opcode Fuzzy Hash: ddc8c4655f835ded4f700a1b1333232acfafde412f7d4c62f4e22de029a9f3a9
                                                  • Instruction Fuzzy Hash: 8E719AB2721A4086EB12CF66E8443DD37B1F749BD8F484622EF195BBA9DB38C181C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: FileHeader_local_unwind
                                                  • String ID: MOC$RCC$csm$csm
                                                  • API String ID: 2627209546-1441736206
                                                  • Opcode ID: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
                                                  • Instruction ID: 4bff93c56a7fd6fe365e17166ff9465f2d531dbb32de18e5b9e6cae2f04be60b
                                                  • Opcode Fuzzy Hash: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
                                                  • Instruction Fuzzy Hash: 455180B2B09A4186EA60BF36900037966A0FF44FB4F5410F3DA4D833A5DF3CE4618A82
                                                  APIs
                                                  • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007593
                                                  • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 00000001400075E6
                                                  • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,?,?,?,?,?,0000000140007D06), ref: 0000000140007608
                                                  • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007629
                                                  • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 0000000140007677
                                                  • ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000767E
                                                  • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,?,?,?,0000000140007D06), ref: 000000014000768A
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                  • String ID:
                                                  • API String ID: 1492985063-0
                                                  • Opcode ID: 48a82f96b1c6e9b0e595215daea0aa73583c570643872832382f0a47eff30425
                                                  • Instruction ID: c8404d0b7dac135a461826d57f818375c200501a51cfbfcecc82e8383ca51cf8
                                                  • Opcode Fuzzy Hash: 48a82f96b1c6e9b0e595215daea0aa73583c570643872832382f0a47eff30425
                                                  • Instruction Fuzzy Hash: 11515F72600A4082EB62CF1BE5947A9A7A0F789FE5F15C611EF9E477F1CB7AC5468300
                                                  APIs
                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBB38
                                                  • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBB48
                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBB5D
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBB91
                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBB9B
                                                  • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBBAB
                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBBBB
                                                    • Part of subcall function 00007FFE014425AC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5AF8), ref: 00007FFE014425C6
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcpy$memset$_invalid_parameter_noinfo_noreturnmalloc
                                                  • String ID:
                                                  • API String ID: 2538139528-0
                                                  • Opcode ID: 8d6a24f3bf634d623b6df647f64059c90c5502672a76569a8a726b311e782cf9
                                                  • Instruction ID: f074bb4193fc39d2620981d47998d6c81fb9090b2953e7f5c51e2fe46d0b0cd0
                                                  • Opcode Fuzzy Hash: 8d6a24f3bf634d623b6df647f64059c90c5502672a76569a8a726b311e782cf9
                                                  • Instruction Fuzzy Hash: 6C41D2A2B08AC592EF14AB16E4042A9A322FB44BC4F954536EF1D1FBBECE7CD041C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowsetvbufstd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 2924853686-1866435925
                                                  • Opcode ID: 1f64c6e00743e2b6d18f717fbe02c07a67212b368ea4998e783aa68016d173a4
                                                  • Instruction ID: 4e12194930b967f0ac57799e8d505d97b1f28549d3a13319e7fea3cbc80c31a5
                                                  • Opcode Fuzzy Hash: 1f64c6e00743e2b6d18f717fbe02c07a67212b368ea4998e783aa68016d173a4
                                                  • Instruction Fuzzy Hash: F141AD72A14B8686EB55CF65E4403B933A0FB14B98F444139DA4C4F6B5DF3CE9A5CB40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: CurrentThread$xtime_get
                                                  • String ID:
                                                  • API String ID: 1104475336-0
                                                  • Opcode ID: b41b3e793df45e27213671b53cb51a1755b037ad1250a9a602788c96421386ed
                                                  • Instruction ID: 9423321279c73148f66975f8e9a9b928b5b3cbed908596dee2130ce962642f6d
                                                  • Opcode Fuzzy Hash: b41b3e793df45e27213671b53cb51a1755b037ad1250a9a602788c96421386ed
                                                  • Instruction Fuzzy Hash: 9E413B72A09646CBEB61CF56E44427977A1FB44B44F10803ADB8E4A6B4DF3EEC85C701
                                                  APIs
                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFE01413B56
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  • _Maklocstr.LIBCPMT ref: 00007FFE01413BCF
                                                  • _Maklocstr.LIBCPMT ref: 00007FFE01413BE5
                                                  • _Getvals.LIBCPMT ref: 00007FFE01413C8A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Maklocstr$Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                  • String ID: false$true
                                                  • API String ID: 2626534690-2658103896
                                                  • Opcode ID: c695a158c0b5114809dc70b7d0fbfaf85c4eed1fbf093ad79dd2f17f0fdf62ac
                                                  • Instruction ID: bf1b83a154f8da1d80604fc93e994b4571834da301881aac0453ec4881b43f5b
                                                  • Opcode Fuzzy Hash: c695a158c0b5114809dc70b7d0fbfaf85c4eed1fbf093ad79dd2f17f0fdf62ac
                                                  • Instruction Fuzzy Hash: 5E415D26B08B919AF711CF74E4401ED33B1FB9874CB405226EE4D2BA69EF38D596C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: NameName::atol
                                                  • String ID: `template-parameter$void
                                                  • API String ID: 2130343216-4057429177
                                                  • Opcode ID: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
                                                  • Instruction ID: f85b8549f5f1985b488acaa23aca29926417e0d0263a1e5a1928cf8fb42e78bc
                                                  • Opcode Fuzzy Hash: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
                                                  • Instruction Fuzzy Hash: 18415A62F08F4688FB04EBA6D8512FC2371BF08BA4F5401B6CE5D17A65DF38946AC340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                  • API String ID: 2943138195-2211150622
                                                  • Opcode ID: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
                                                  • Instruction ID: c22a252683084e3a78dcfab078d5ef6a1db550ae4a7256e82204d7d60a5a2148
                                                  • Opcode Fuzzy Hash: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
                                                  • Instruction Fuzzy Hash: 594136B2F08F8688FB029B26D8402BC77B0BB08B58F5441B2DA5D53364DF3CA5A5C740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: char $int $long $short $unsigned
                                                  • API String ID: 2943138195-3894466517
                                                  • Opcode ID: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
                                                  • Instruction ID: ab7eec8e7cedd0bc971dd47ea2ea2625ab5d47f9e626b2c2f00abce42a1f2c98
                                                  • Opcode Fuzzy Hash: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
                                                  • Instruction Fuzzy Hash: B34168B2F18B5689EB159F6AD8481BC37B1BB09B68F4481B3CA0C57B78DF389564C700
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnmemsetstrcspn$localeconvmemmove
                                                  • String ID:
                                                  • API String ID: 3009415009-0
                                                  • Opcode ID: 79913b7f2cf0946d329c90ba2b268b1e17353789fc4b59f1bbc5e2c67373d880
                                                  • Instruction ID: ad9a90c1e3a3380d0b6206613b4248cf835436d0d7b25cea1cd62c2a64b9bc85
                                                  • Opcode Fuzzy Hash: 79913b7f2cf0946d329c90ba2b268b1e17353789fc4b59f1bbc5e2c67373d880
                                                  • Instruction Fuzzy Hash: 82E16D22B09B8685FB11DBB5D4406AC6372FB49B88F515136DE5D2BBA9DF3CD44AC300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Dunscale$_errno
                                                  • String ID:
                                                  • API String ID: 2900277114-0
                                                  • Opcode ID: ca9a7425e4338700c7aba562b0c02e094e8ac02fa288402a05e4d39a5ba85423
                                                  • Instruction ID: bb7532c0a8596e09fdc1c3c2389b0a704279868e42300d3676fbc183d0d34c49
                                                  • Opcode Fuzzy Hash: ca9a7425e4338700c7aba562b0c02e094e8ac02fa288402a05e4d39a5ba85423
                                                  • Instruction Fuzzy Hash: 2FA1D332E086469AEB10DF2685800BD73A1FF66758F948231F7091B5BADF3CB4DA9741
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Dunscale$_errno
                                                  • String ID:
                                                  • API String ID: 2900277114-0
                                                  • Opcode ID: d9a476555f6a1f41d58d263dd2005ababac50c55a1706ecba255774e6695b5d8
                                                  • Instruction ID: 18cbd59db16a610c9fc145de933dab68b049303adc370ec840564dacd9673993
                                                  • Opcode Fuzzy Hash: d9a476555f6a1f41d58d263dd2005ababac50c55a1706ecba255774e6695b5d8
                                                  • Instruction Fuzzy Hash: 75A1A227E18E8B86E711DE3484401BD63A2FF667D4F904235EA4E2E5B5EF3CA0D68301
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                                                  • String ID: R3DAPI 7.3.1-44A14 (20200513 W64S)
                                                  • API String ID: 2665656946-1215215629
                                                  • Opcode ID: 98457a8c532842630b98285b89b9ec496e863bcfed3b0f9c1b1bfdd0cf47a7ec
                                                  • Instruction ID: 1f94f83d43c849715069b53280c3cf1e8531b19b99bc01c412034d7b6d4e24df
                                                  • Opcode Fuzzy Hash: 98457a8c532842630b98285b89b9ec496e863bcfed3b0f9c1b1bfdd0cf47a7ec
                                                  • Instruction Fuzzy Hash: B19122B1211A8499EB22DF27F8503DA7361F74ABD4F884222EB490B7B9DB7EC141C701
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: fgetc
                                                  • String ID:
                                                  • API String ID: 2807381905-0
                                                  • Opcode ID: 4d115736c04dabe9d8380459469711e0ea65801a3abab2b82b9901b7a97ab16c
                                                  • Instruction ID: 3a39e832a27d8c715d5483f927ea6d3cd0c002d628e50e107b0945c909dfe99e
                                                  • Opcode Fuzzy Hash: 4d115736c04dabe9d8380459469711e0ea65801a3abab2b82b9901b7a97ab16c
                                                  • Instruction Fuzzy Hash: 40914C73605A8189EB10DF25D4943AC33A1FB48B9CF56123AEA4E5BBA9DF3DD458C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                                                  • String ID:
                                                  • API String ID: 3490103321-0
                                                  • Opcode ID: a30ae13c142e2dcabb77bc798d6d9a85e0f23e3fe7315f8aa89f8282773a3d2d
                                                  • Instruction ID: 73e2f588164fb4c27e4c4e52aa6855933ec2bb15b470adf1cc409a9b0304e28f
                                                  • Opcode Fuzzy Hash: a30ae13c142e2dcabb77bc798d6d9a85e0f23e3fe7315f8aa89f8282773a3d2d
                                                  • Instruction Fuzzy Hash: E661D522F1CA4286E721DF61E4805BE7760FBA4744F904532EE4E5BAB9DE3CD589CB01
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                                                  • String ID:
                                                  • API String ID: 3490103321-0
                                                  • Opcode ID: a968a163d27d4a2015612df6a25af1ade50538c4fbfbe472cc9928b4ab87bfd3
                                                  • Instruction ID: 2512b7ca6506b6210c0d7812f60297bfb5b4235a7a053c411df193c4ee8a2679
                                                  • Opcode Fuzzy Hash: a968a163d27d4a2015612df6a25af1ade50538c4fbfbe472cc9928b4ab87bfd3
                                                  • Instruction Fuzzy Hash: 5361C422B1CA4282E711DF61E4805FE6760FFA5744F900532EE4E5BAB5DF7CE58A8B01
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 1775671525-0
                                                  • Opcode ID: cb8e8a2f44cc62cd32a632b202d835ef3b606d67b9c0b0e5f42087863e469a96
                                                  • Instruction ID: f0df9d4c83997f2469ca076860e1cd9aeef013c4e6a6dd2ab8e2acc452abb021
                                                  • Opcode Fuzzy Hash: cb8e8a2f44cc62cd32a632b202d835ef3b606d67b9c0b0e5f42087863e469a96
                                                  • Instruction Fuzzy Hash: D041F36171868592EF14AB26E4043A96352FB04BE4F95463AEF6D0FBF5DE7CE041C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: FileHandle$CloseCreateInformation
                                                  • String ID:
                                                  • API String ID: 1240749428-0
                                                  • Opcode ID: 1068804706c036d4a9ce6b0869c9c46b2702efca279f26c5ccb680fbda452175
                                                  • Instruction ID: cf5c1c18fe3158371b2d1895e8bea3838e92857c37708694deefb48bbe4f4a4f
                                                  • Opcode Fuzzy Hash: 1068804706c036d4a9ce6b0869c9c46b2702efca279f26c5ccb680fbda452175
                                                  • Instruction Fuzzy Hash: BB41AE22F086818BF760CF70A8507AA33A1EB487A8F025735EE1C1BAA4DE3CD5958740
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                  • String ID:
                                                  • API String ID: 3741236498-0
                                                  • Opcode ID: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
                                                  • Instruction ID: 48b66aaf2916ad99ba7d7c3e519d6005a89472b45c0c69aa8ded052bad530d61
                                                  • Opcode Fuzzy Hash: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
                                                  • Instruction Fuzzy Hash: 5931C461B19F9181EB11AB27E804579A3A4FF08FE4B5945F6DE2D433A0EE3DD462C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_configthreadlocale_initialize_narrow_environment_initialize_onexit_table_onexit
                                                  • String ID:
                                                  • API String ID: 2153537742-0
                                                  • Opcode ID: f539288d9f1f3d7249b87a9547d02823525d444580e8d32891b0b41e8399b437
                                                  • Instruction ID: 534899ad21150968aac174715d7514135b35f9473fc5e80356d1b8ef46292b69
                                                  • Opcode Fuzzy Hash: f539288d9f1f3d7249b87a9547d02823525d444580e8d32891b0b41e8399b437
                                                  • Instruction Fuzzy Hash: 95115E38A0024155FA5FB7F398173EC11969FAC3C4F454524BB498F2F3EE7B88658662
                                                  APIs
                                                  • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFE013F5F96), ref: 00007FFE013F2F59
                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5F96), ref: 00007FFE013F2F6B
                                                  • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFE013F5F96), ref: 00007FFE013F2F7A
                                                  • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFE013F5F96), ref: 00007FFE013F2FE0
                                                  • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFE013F5F96), ref: 00007FFE013F2FEE
                                                  • _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00007FFE013F5F96), ref: 00007FFE013F3001
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_wcsdupcalloc
                                                  • String ID:
                                                  • API String ID: 490008815-0
                                                  • Opcode ID: 488e8b2b7200c0c5cd5a98dbe2f11f7538b0ba4341635e04412eecd9dffd49b4
                                                  • Instruction ID: 637e7d555ecbf406e8f121ff53b179020048fbe42432aecbc7da7bfb835811be
                                                  • Opcode Fuzzy Hash: 488e8b2b7200c0c5cd5a98dbe2f11f7538b0ba4341635e04412eecd9dffd49b4
                                                  • Instruction Fuzzy Hash: 5C210E62D18F8583EB019F38D5052787760FBA9B49F15A224CE8D1A232EF7DE5E9C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle$FileUnmapView
                                                  • String ID:
                                                  • API String ID: 260491571-0
                                                  • Opcode ID: c79584006ebb6ab8165207e4d763d1a3cfb8469778cb55540dabe317a807c072
                                                  • Instruction ID: e4157fc547da492297a5d265050bc8fab675aa544c6886f43f24823cbbcadd6d
                                                  • Opcode Fuzzy Hash: c79584006ebb6ab8165207e4d763d1a3cfb8469778cb55540dabe317a807c072
                                                  • Instruction Fuzzy Hash: 1DF01438616E00D5FA07DB63ECA83A427A1BB8DBD9F440211EB4E4B331DE3F85998300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: abort$CallEncodePointerTranslator
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2889003569-2084237596
                                                  • Opcode ID: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
                                                  • Instruction ID: e6ea8166ce1a269e67d5f5a9ff2da1a762e861be9e7c81596e1e14aef120ebb0
                                                  • Opcode Fuzzy Hash: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
                                                  • Instruction Fuzzy Hash: AA91A2B3B08B818AE710DB66E4902BD7BA0F744B98F1441A6EF8D17765DF38E1A5C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                  • API String ID: 2943138195-757766384
                                                  • Opcode ID: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
                                                  • Instruction ID: f4d7375158b3fc1cf319c244564212f4ac27a0ac0a577c98ebed872f8e82aa37
                                                  • Opcode Fuzzy Hash: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
                                                  • Instruction Fuzzy Hash: 1B715DB1B08E4294EB14AF16D9401BC66B0BB05BA4F4485FBDA5D47AB8EF3CE175CB00
                                                  APIs
                                                  • memcmp.VCRUNTIME140 ref: 000000014000AD12
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014000ADD5
                                                    • Part of subcall function 000000014000BC30: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,000000014000B330), ref: 000000014000BC8F
                                                    • Part of subcall function 000000014000BC30: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,000000014000B330), ref: 000000014000BCAE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func__stdio_common_vfprintf_invalid_parameter_noinfo_noreturnmemcmp
                                                  • String ID: @$[FAIL INT. ] path '%s' already exists at index %u$[FAIL INT. ] too many paths
                                                  • API String ID: 3207467095-2931640462
                                                  • Opcode ID: 18470ac69061ff4e66931cc73eae5b662a6f84f1ed1e258ceb6863b62889c5ad
                                                  • Instruction ID: 2da19ac7c4dfbac8c42f28ebd32a6b72bd3b2cb838895640dc67fbc0c8e08b7c
                                                  • Opcode Fuzzy Hash: 18470ac69061ff4e66931cc73eae5b662a6f84f1ed1e258ceb6863b62889c5ad
                                                  • Instruction Fuzzy Hash: DC5169B2B10A5489EB11CF6AE8407DD37B1F709BA8F504216EF2A67BE9DB74C581C740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: abort$CallEncodePointerTranslator
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2889003569-2084237596
                                                  • Opcode ID: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
                                                  • Instruction ID: 8141f7a08248614ccb6f765a2cdc714d694623d21637336d0a2bdc5609fc6457
                                                  • Opcode Fuzzy Hash: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
                                                  • Instruction Fuzzy Hash: 48613AB7A08B858AE718DF66D4803BD77A0FB44B98F1441A6EE4D13B68DF38E065C700
                                                  APIs
                                                  • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE0142B212), ref: 00007FFE0142BBFE
                                                  • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE0142B212), ref: 00007FFE0142BC0F
                                                  • iswxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE0142B212), ref: 00007FFE0142BC76
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: iswspace$iswxdigit
                                                  • String ID: (
                                                  • API String ID: 3812816871-3887548279
                                                  • Opcode ID: b830cff0c5d28eb9b1a5e66846577f97d039b9518a3845ee8b60060626fc6f3e
                                                  • Instruction ID: 1c7ae0158b43efd192da6c7e812c72156f48e98d6351cb2013be3a352825956e
                                                  • Opcode Fuzzy Hash: b830cff0c5d28eb9b1a5e66846577f97d039b9518a3845ee8b60060626fc6f3e
                                                  • Instruction Fuzzy Hash: 8B518066E1855382EB249B6295102FD73A1EF30B84FC88035DE894F4B4EF7DE8C2D212
                                                  APIs
                                                  • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE01429122), ref: 00007FFE01429CFA
                                                  • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE01429122), ref: 00007FFE01429D0B
                                                  • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE01429122), ref: 00007FFE01429D64
                                                  • isalnum.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE01429122), ref: 00007FFE01429E14
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: isspace$isalnumisxdigit
                                                  • String ID: (
                                                  • API String ID: 3355161242-3887548279
                                                  • Opcode ID: 716b4af6be493bef1a1704f7f2c424fe19b579ad377a576405316da7889311fb
                                                  • Instruction ID: 83a4e2c7d54558f7b0d06d4698eb8b8a5777983769addb14e8694fdb7b3073af
                                                  • Opcode Fuzzy Hash: 716b4af6be493bef1a1704f7f2c424fe19b579ad377a576405316da7889311fb
                                                  • Instruction Fuzzy Hash: C941D867D0C1A256FB244F31E5103FDAB929F31B98F889030CA9C0F5B6DE1DE8469712
                                                  APIs
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,?,00000001,00007FFE0140A22C), ref: 00007FFE01413A25
                                                    • Part of subcall function 00007FFE013FB794: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01421347,?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE013FB7BF
                                                    • Part of subcall function 00007FFE013FB794: memcpy.VCRUNTIME140(?,?,00000000,00007FFE01421347,?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE013FB7DB
                                                  • _Getvals.LIBCPMT ref: 00007FFE01413A61
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
                                                  • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                  • API String ID: 3848194746-3573081731
                                                  • Opcode ID: afe44bbbf315c128d24a0806b0508227c1b26fb6639d53e1a60ace2258aa4d08
                                                  • Instruction ID: 5c33ae5afdf8b2978652ab46a17444d90df35d4ebb0cd60fe6c2269545fad598
                                                  • Opcode Fuzzy Hash: afe44bbbf315c128d24a0806b0508227c1b26fb6639d53e1a60ace2258aa4d08
                                                  • Instruction Fuzzy Hash: 94418872A08B8197E725CF22958056E7BA0FB89B91B054235DB8957E31DB7CE5A2CB00
                                                  APIs
                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFE01413CE2
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  • _Maklocstr.LIBCPMT ref: 00007FFE01413D5B
                                                  • _Maklocstr.LIBCPMT ref: 00007FFE01413D71
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                  • String ID: false$true
                                                  • API String ID: 309754672-2658103896
                                                  • Opcode ID: 338e19288eb98bd8f1b47372f9c1aa56ee45ee7e80caca0ac6520e6642491e8a
                                                  • Instruction ID: 8adda36a2d89f28cc6e5ad51ccf6fe92fa7758cbe8b7cc91af3c1ddf14bffe05
                                                  • Opcode Fuzzy Hash: 338e19288eb98bd8f1b47372f9c1aa56ee45ee7e80caca0ac6520e6642491e8a
                                                  • Instruction Fuzzy Hash: DF417A27B18B559AE710CFB0E4401ED33B1FB98748B404126EE4E2BB29EF38D5A5C394
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 2003779279-1866435925
                                                  • Opcode ID: 8d3ac1472eb59521ab7cb33da99209fe59d652a56c411d01b23e09fa8017a7eb
                                                  • Instruction ID: b9890c101a35b7b58f5107871a2cff9d34121f459024380be74a25441252afd5
                                                  • Opcode Fuzzy Hash: 8d3ac1472eb59521ab7cb33da99209fe59d652a56c411d01b23e09fa8017a7eb
                                                  • Instruction Fuzzy Hash: 6B21BE62A0868692EB18EB15E6413B96361FF50784F844039E74D6FAB5DF3DE1A5C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 2003779279-1866435925
                                                  • Opcode ID: 849b74ee5f73fdde2bfa1f1610c189757ac49f4ca831a016d12bb1df7dcfb911
                                                  • Instruction ID: fff578b84668e00ba50e20a90453103c768a8deb9d009469e2048435f4a5e02f
                                                  • Opcode Fuzzy Hash: 849b74ee5f73fdde2bfa1f1610c189757ac49f4ca831a016d12bb1df7dcfb911
                                                  • Instruction Fuzzy Hash: 58F0D161A1864AD6EF58EB00E8826F92322FF50744FA44839E24D0E5B5EF3DE14BC340
                                                  APIs
                                                  • ?Recycle@MemoryRecycler@allocator@dvacore@@YAXPEAX_K@Z.DVACORE ref: 0000000140006CC6
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140006CF5
                                                  • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 0000000140006D52
                                                  • memcpy.VCRUNTIME140 ref: 0000000140006DD5
                                                  • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 0000000140006E6E
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: D@std@@@std@@Pninc@?$basic_streambuf@U?$char_traits@$MemoryRecycle@Recycler@allocator@dvacore@@_invalid_parameter_noinfo_noreturnmemcpy
                                                  • String ID:
                                                  • API String ID: 3275830057-0
                                                  • Opcode ID: f13f8127416e7d7f80275f329ef49376f0d8f6da619257fe439308a18cea4d8f
                                                  • Instruction ID: 3173563bc62d35887f7c9779bdd612006aafe20ffacca945d5b8f48763ffbb63
                                                  • Opcode Fuzzy Hash: f13f8127416e7d7f80275f329ef49376f0d8f6da619257fe439308a18cea4d8f
                                                  • Instruction Fuzzy Hash: 5CA16BB2704B8485EB16CF2AE5443A977A2F389FE8F584516EF8D177A4DB38C895C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: fgetwc
                                                  • String ID:
                                                  • API String ID: 2948136663-0
                                                  • Opcode ID: ed1427ec7fd184f05f105e4a19992df21d1a2cad319d232875e2ff79a26b5bc3
                                                  • Instruction ID: 3db00aabf613547c8474c57bb9a1feddc54593c2d823dc3a1ceb4c6e0e05bdeb
                                                  • Opcode Fuzzy Hash: ed1427ec7fd184f05f105e4a19992df21d1a2cad319d232875e2ff79a26b5bc3
                                                  • Instruction Fuzzy Hash: 45815D72609A41C9DB21CFA6C0903AC33A1FB48B88F55153AEB4E4BBA9DF3DD854C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 2665656946-0
                                                  • Opcode ID: 314d0bc367498784a6055c5724ef22bc855d96b1200b035c08f9136b1467eef2
                                                  • Instruction ID: 6f8685d0ee64a854513a2710a76b76ebba126a19a16799565d604b2c87d49ee9
                                                  • Opcode Fuzzy Hash: 314d0bc367498784a6055c5724ef22bc855d96b1200b035c08f9136b1467eef2
                                                  • Instruction Fuzzy Hash: 884191B2304B8495EE16DB27B9043D9A395A74EBE0F440625BF6D0B7E5DE7CC081C304
                                                  APIs
                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FB9D3
                                                  • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FB9E1
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBA1A
                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBA24
                                                  • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FFE01421347), ref: 00007FFE013FBA32
                                                    • Part of subcall function 00007FFE014425AC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5AF8), ref: 00007FFE014425C6
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcpymemset$_invalid_parameter_noinfo_noreturnmalloc
                                                  • String ID:
                                                  • API String ID: 3375828981-0
                                                  • Opcode ID: e1e662882264babfe03a29ca6950b8a7f1ee3d95dd1c18b575c3811a2ced279c
                                                  • Instruction ID: 829428d7647aba1e5c6e6fc20a8d14b9ed1971c285d01d35c2154ca3f64ab818
                                                  • Opcode Fuzzy Hash: e1e662882264babfe03a29ca6950b8a7f1ee3d95dd1c18b575c3811a2ced279c
                                                  • Instruction Fuzzy Hash: FA318061B086C291EF14AA16E5043AAA352FB04BD0F594535EF5D1FBAADE7CE0819300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: NameName::$Name::operator+
                                                  • String ID:
                                                  • API String ID: 826178784-0
                                                  • Opcode ID: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
                                                  • Instruction ID: 481c71f12d8dc657a2eb355d85b103667f52c7a1ab074373772cce4ab92c22e3
                                                  • Opcode Fuzzy Hash: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
                                                  • Instruction Fuzzy Hash: CF4147A2B18F5699EB10EF22D8841B833B4BB15FA4B5444F3EA5D533A5DF38E865C300
                                                  APIs
                                                    • Part of subcall function 00007FFE01402160: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FFE013F4C3E,?,?,00000000,00007FFE013F5B5B), ref: 00007FFE0140216F
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5B5B), ref: 00007FFE013F4C47
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5B5B), ref: 00007FFE013F4C5B
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5B5B), ref: 00007FFE013F4C6F
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5B5B), ref: 00007FFE013F4C83
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5B5B), ref: 00007FFE013F4C97
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5B5B), ref: 00007FFE013F4CAB
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$setlocale
                                                  • String ID:
                                                  • API String ID: 294139027-0
                                                  • Opcode ID: af9b31b71ee19020bdfcdf2881afb454c7cf1e65ca09aa02857d537e0dbc91a2
                                                  • Instruction ID: 9ee17a2731a19423157ecdd698ce1aac234f08a141f5ac1fcab50ef2dc036d7f
                                                  • Opcode Fuzzy Hash: af9b31b71ee19020bdfcdf2881afb454c7cf1e65ca09aa02857d537e0dbc91a2
                                                  • Instruction Fuzzy Hash: C1112D22A06A4582FF199FA1D0F573923A2EF48F08F181138CA0E1D178CF6DD894D380
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func$abortfputcfputs
                                                  • String ID:
                                                  • API String ID: 2697642930-0
                                                  • Opcode ID: cc43f010146a263ee9c93af417586094a0b7170059f9927bafddb445a1bda61b
                                                  • Instruction ID: c812be0518abd22c97cf41dbc87e1815a2fe471880552ae143fd062ee4b239a8
                                                  • Opcode Fuzzy Hash: cc43f010146a263ee9c93af417586094a0b7170059f9927bafddb445a1bda61b
                                                  • Instruction Fuzzy Hash: 8AE0ECA4E0864687FF086B61EC193346327DF48B92F240438C90F8E378CE3C54984251
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnmemmove
                                                  • String ID: %.0Lf$0123456789-
                                                  • API String ID: 4032823789-3094241602
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnmemchrmemmove
                                                  • String ID: 0123456789-
                                                  • API String ID: 2457263114-3850129594
                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014000CB86
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014000CCD1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID: gfffffff$gfffffff
                                                  • API String ID: 3668304517-161084747
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  Similarity
                                                  • API ID: memset$_invalid_parameter_noinfo_noreturnswprintf_s
                                                  • String ID: %.0Lf
                                                  • API String ID: 1248405305-1402515088
                                                  APIs
                                                    • Part of subcall function 00007FFE1A456710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A45239E), ref: 00007FFE1A45671E
                                                  • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A4541C3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  Similarity
                                                  • API ID: abort
                                                  • String ID: $csm$csm
                                                  • API String ID: 4206212132-1512788406
                                                  APIs
                                                    • Part of subcall function 00007FFE1A456710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A45239E), ref: 00007FFE1A45671E
                                                  • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A453F13
                                                  • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE1A453F23
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  Similarity
                                                  • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                  • String ID: csm$csm
                                                  • API String ID: 4108983575-3733052814
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  Similarity
                                                  • API ID: Exception$RaiseThrowabort
                                                  • String ID: csm
                                                  • API String ID: 3758033050-1018135373
                                                  APIs
                                                  • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFE013FF8D4
                                                  • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFE013FF8E6
                                                  • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFE013FF96B
                                                    • Part of subcall function 00007FFE013F4D50: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D72
                                                    • Part of subcall function 00007FFE013F4D50: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D98
                                                    • Part of subcall function 00007FFE013F4D50: memcpy.VCRUNTIME140(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4DB0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  Similarity
                                                  • API ID: setlocale$freemallocmemcpy
                                                  • String ID: bad locale name
                                                  • API String ID: 1663771476-1405518554
                                                  APIs
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,?,00000001,00007FFE0140A07C), ref: 00007FFE014138E1
                                                    • Part of subcall function 00007FFE013FB794: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01421347,?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE013FB7BF
                                                    • Part of subcall function 00007FFE013FB794: memcpy.VCRUNTIME140(?,?,00000000,00007FFE01421347,?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE013FB7DB
                                                    • Part of subcall function 00007FFE014067B0: _Maklocstr.LIBCPMT ref: 00007FFE014067E0
                                                    • Part of subcall function 00007FFE014067B0: _Maklocstr.LIBCPMT ref: 00007FFE014067FF
                                                    • Part of subcall function 00007FFE014067B0: _Maklocstr.LIBCPMT ref: 00007FFE0140681E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  Similarity
                                                  • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
                                                  • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                  • API String ID: 2904694926-3573081731
                                                  APIs
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,0000003F,?,00000001,00007FFE01422278), ref: 00007FFE0142434D
                                                    • Part of subcall function 00007FFE013FB794: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01421347,?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE013FB7BF
                                                    • Part of subcall function 00007FFE013FB794: memcpy.VCRUNTIME140(?,?,00000000,00007FFE01421347,?,?,?,?,?,?,?,?,?,00007FFE0142243E), ref: 00007FFE013FB7DB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  Similarity
                                                  • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
                                                  • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                  • API String ID: 3376215315-3573081731
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  Similarity
                                                  • API ID: NameName::
                                                  • String ID: %lf
                                                  • API String ID: 1333004437-2891890143
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  Similarity
                                                  • API ID: FileFindNext$wcscpy_s
                                                  • String ID: .
                                                  • API String ID: 544952861-248832578
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  Similarity
                                                  • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                  • String ID: ios_base::badbit set
                                                  • API String ID: 1099746521-3882152299
                                                  • Opcode ID: b18094d71eb5fa0dd49bb41d4a20651cb5020cf0babcbd14d2a38fb164982f78
                                                  • Instruction ID: b896e3e4b4444bac8cd1c314fa0d1e2bea792da65e0179d3c55c599e6006891b
                                                  • Opcode Fuzzy Hash: b18094d71eb5fa0dd49bb41d4a20651cb5020cf0babcbd14d2a38fb164982f78
                                                  • Instruction Fuzzy Hash: 4C01F991F2C68B92FF18E725D842BBD1312EF90744F55853ED58E2EAB6DE3DE5068200
                                                  APIs
                                                    • Part of subcall function 00007FFE1A456710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A45239E), ref: 00007FFE1A45671E
                                                  • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A45243E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: abortterminate
                                                  • String ID: MOC$RCC$csm
                                                  • API String ID: 661698970-2671469338
                                                  • Opcode ID: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
                                                  • Instruction ID: 4707af12d9462f3d6f2484c01aa28e356b36a809efe0c17d0255c4ddf99349d1
                                                  • Opcode Fuzzy Hash: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
                                                  • Instruction Fuzzy Hash: 86F03C76A18A4682EB506F66A1810797665EB48F64F1950F3E74807262CF3CD4B0CA41
                                                  APIs
                                                  • __C_specific_handler.LIBVCRUNTIME ref: 00007FFE1A45E9F0
                                                    • Part of subcall function 00007FFE1A45EC30: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE1A45ECF0
                                                    • Part of subcall function 00007FFE1A45EC30: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FFE1A45E9F5), ref: 00007FFE1A45ED3F
                                                    • Part of subcall function 00007FFE1A456710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A45239E), ref: 00007FFE1A45671E
                                                  • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A45EA1A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: C_specific_handlerCurrentImageNonwritableUnwindabortterminate
                                                  • String ID: csm$f
                                                  • API String ID: 2451123448-629598281
                                                  • Opcode ID: c9fb23446a5b638453e0304dd207887769bfaeb8010eb75ee95ffcfd07f137de
                                                  • Instruction ID: b479b3da4346521d8074b59fb9537204e4fa657b5a33c0ea2cf2e72905c2445c
                                                  • Opcode Fuzzy Hash: c9fb23446a5b638453e0304dd207887769bfaeb8010eb75ee95ffcfd07f137de
                                                  • Instruction Fuzzy Hash: 57E037A5F18B4181D7307B62B14117D66A5AF15F64F1480F6D64807656CE78D8B04641
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID:
                                                  • API String ID: 2943138195-0
                                                  • Opcode ID: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
                                                  • Instruction ID: 996857dac50c7e8b3cf74c3128a7ebda37b01281f1425cd5fdf23e82d048d11c
                                                  • Opcode Fuzzy Hash: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
                                                  • Instruction Fuzzy Hash: B4918EA6F08F5689FB119BA2D8403BC2BB0BB05B24F5440F7DA4D576A6DF3CA865C740
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+$NameName::
                                                  • String ID:
                                                  • API String ID: 168861036-0
                                                  • Opcode ID: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
                                                  • Instruction ID: b4e96470f146aab0293c23c966a862d76a51084b61ddae11b320a541f2fb1d8e
                                                  • Opcode Fuzzy Hash: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
                                                  • Instruction Fuzzy Hash: 405169B2F18B5A89E711DF22E8447BC37A0BB44B68F5480B2DA5E477A5DF39E461C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memset$_invalid_parameter_noinfo_noreturnmemcpy
                                                  • String ID:
                                                  • API String ID: 3533975685-0
                                                  • Opcode ID: f0acfebeec57c01816e898725c36c4e30a40acc5555a2c14dbc06bee451d9b77
                                                  • Instruction ID: 948ad675966271c9991ceaad39470193d7d81f5c1b48440d7dc352eab6ab828f
                                                  • Opcode Fuzzy Hash: f0acfebeec57c01816e898725c36c4e30a40acc5555a2c14dbc06bee451d9b77
                                                  • Instruction Fuzzy Hash: B431B4B2711A9451EA06DF66F5443EDA291A788BE0F548635AF6C077E5EF38C4E2C300
                                                  APIs
                                                  • memcpy.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFE,?,?,?,?,?,?,00000000,00000000,?,00000000,00000048,00007FFE014067E5), ref: 00007FFE01406EA1
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,7FFFFFFFFFFFFFFE,?,?,?,?,?,?,00000000,00000000,?,00000000,00000048,00007FFE014067E5), ref: 00007FFE01406EF2
                                                  • memcpy.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFE,?,?,?,?,?,?,00000000,00000000,?,00000000,00000048,00007FFE014067E5), ref: 00007FFE01406EFC
                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE01406F3D
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 1775671525-0
                                                  • Opcode ID: 85f92700b56973fac5dddd040f82a906fa3d37636fa8e3a1a22e046d738f97e4
                                                  • Instruction ID: 46494802ce9cdec9117d15989d16a464cd0736bb0a7e64eb03552749f494c34b
                                                  • Opcode Fuzzy Hash: 85f92700b56973fac5dddd040f82a906fa3d37636fa8e3a1a22e046d738f97e4
                                                  • Instruction Fuzzy Hash: 6D410262B0874692EF15DB92E1041796255EB48BE4F560639EF6E0FBF8EE3CE851C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 1775671525-0
                                                  • Opcode ID: 65def131db07ebb671ced289ad75ed43dc53c7929ef83caf72930572c550efab
                                                  • Instruction ID: e9e7ed693c8be91739b6f03b50c4821f4bf959aea9c8a58af5babbd23f5e9e29
                                                  • Opcode Fuzzy Hash: 65def131db07ebb671ced289ad75ed43dc53c7929ef83caf72930572c550efab
                                                  • Instruction Fuzzy Hash: 2F31C361B0868686EF14AB16A544369A355EF44BE8F654239EE7D0FBF5DE7CE041C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Xp_movx$Xp_setw_errnoldexpmemcpy
                                                  • String ID:
                                                  • API String ID: 2233944734-0
                                                  • Opcode ID: 1ff152472e2a6c573ab22b20db3e38fcc343a5cc5c017478c776d377500589fd
                                                  • Instruction ID: 7cd0abc317083f681f9741cbb355a9762aec2747b76391d30ff3148505578365
                                                  • Opcode Fuzzy Hash: 1ff152472e2a6c573ab22b20db3e38fcc343a5cc5c017478c776d377500589fd
                                                  • Instruction Fuzzy Hash: C341D422A1CB4687F7519B2590412BE63A0FF98B54F948231EE4D1B7B6DF3CE94F8640
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcislower
                                                  • String ID:
                                                  • API String ID: 2234106055-0
                                                  • Opcode ID: 49391ab6287bfb1c133544008d3ff4748e0f156886d13d026989aa47a4cfeebd
                                                  • Instruction ID: b06568875f6ef40e142a00a3c2dbeba458978eb38326e6ba0621880d135bfe28
                                                  • Opcode Fuzzy Hash: 49391ab6287bfb1c133544008d3ff4748e0f156886d13d026989aa47a4cfeebd
                                                  • Instruction Fuzzy Hash: AA31D826A0C7C182FB21AB16E45437D6AA1FB90B91F194039DE8E5F7B9DE3CE485C710
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcisupper
                                                  • String ID:
                                                  • API String ID: 3857474680-0
                                                  • Opcode ID: a38db0811340887b8b5530aa5a0d97aa9f0069b43224d29c853334689370c1d1
                                                  • Instruction ID: d656499cf1c2af985915777661a374fdfa4497d75f154cb4d599cac53e9c5df5
                                                  • Opcode Fuzzy Hash: a38db0811340887b8b5530aa5a0d97aa9f0069b43224d29c853334689370c1d1
                                                  • Instruction Fuzzy Hash: 1E31D462A0C7C282FB15AB15A45437D6AA1FB90B95F19403ADA8E1F7A9DE2CE484C710
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID:
                                                  • API String ID: 2943138195-0
                                                  • Opcode ID: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
                                                  • Instruction ID: 8d907fbcc80c657dde9576ae18326677b863449b53272ee15ec5d3a58e6a5ca5
                                                  • Opcode Fuzzy Hash: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
                                                  • Instruction Fuzzy Hash: 624164B2B08B858AEB01DF66D8413BC77B0BB44B68F5481A6DA8D57769DF3894A1C700
                                                  APIs
                                                  • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,00000000,?,?,?,00007FFE0141E921), ref: 00007FFE0142AFB7
                                                  • memcpy.VCRUNTIME140(?,00000000,?,?,?,00007FFE0141E921), ref: 00007FFE0142AFDB
                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFE0141E921), ref: 00007FFE0142AFE8
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFE0141E921), ref: 00007FFE0142B05B
                                                    • Part of subcall function 00007FFE013F2E30: wcsnlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFE013F2E5A
                                                    • Part of subcall function 00007FFE013F2E30: LCMapStringEx.KERNEL32 ref: 00007FFE013F2E9E
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: String___lc_locale_name_funcfreemallocmemcpywcsnlen
                                                  • String ID:
                                                  • API String ID: 2888714520-0
                                                  • Opcode ID: 99efea7dbd1116518199412829dbec7523ad640586a417166189b82ef7474ba8
                                                  • Instruction ID: f06b74c7550a14bd34ba3eeb74f6bb8add422246858c16040b5bee2f3922d97c
                                                  • Opcode Fuzzy Hash: 99efea7dbd1116518199412829dbec7523ad640586a417166189b82ef7474ba8
                                                  • Instruction Fuzzy Hash: BA21D961B08BD186D7219F12A40096A9B94FB55BD4F984235DE6D1FBF5DE3CD4418304
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _wfsopen$fclosefseek
                                                  • String ID:
                                                  • API String ID: 1261181034-0
                                                  • Opcode ID: 65157f6aaa3c65f973982b065b247de6758d3b07ca583f350756c2c4b6984900
                                                  • Instruction ID: 39664d18979d145c00ef3af706406949871bdcd4de5c859d1a01ecc4c798d231
                                                  • Opcode Fuzzy Hash: 65157f6aaa3c65f973982b065b247de6758d3b07ca583f350756c2c4b6984900
                                                  • Instruction Fuzzy Hash: 97319321B1978543EF69DB16A4947767391EF84F84F4A4538CE0E9BBB4DE3CE8418740
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _fsopen$fclosefseek
                                                  • String ID:
                                                  • API String ID: 410343947-0
                                                  • Opcode ID: 4df16a4f6c63ea2db741babe0929eaadb8ea0385d608e1fd76dd175521e20e9d
                                                  • Instruction ID: 50fa546092234f24c44faa102d3f5fbd2bded8e646fdc7ccd14c70a9b9a5ed5e
                                                  • Opcode Fuzzy Hash: 4df16a4f6c63ea2db741babe0929eaadb8ea0385d608e1fd76dd175521e20e9d
                                                  • Instruction Fuzzy Hash: 46310621B2878A42FB68DB16A4446757793EF84F85F494938CE0E9B7B4DE3CEC418340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$FormatFreeLibraryMessage
                                                  • String ID:
                                                  • API String ID: 4174221723-0
                                                  • Opcode ID: 637bee9128a08deb273023f1cf6dd0b875d60af285b14277b8822e8af08c01c9
                                                  • Instruction ID: 329cc6dd5267e1a20a6fc7da630ad77381380cdf8f0f417e816be49fa379c834
                                                  • Opcode Fuzzy Hash: 637bee9128a08deb273023f1cf6dd0b875d60af285b14277b8822e8af08c01c9
                                                  • Instruction Fuzzy Hash: F4315072A18B8441EB128B26E4453AE6751E79DBF4F249301F7FD0B6F9DBB9D5C08600
                                                  APIs
                                                  • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,00007FFE0142576B), ref: 00007FFE0142A604
                                                  • ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,00007FFE0142576B), ref: 00007FFE0142A60E
                                                    • Part of subcall function 00007FFE013F26E0: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFE013F2728
                                                    • Part of subcall function 00007FFE013F26E0: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFE013F274E
                                                    • Part of subcall function 00007FFE013F26E0: GetCPInfo.KERNEL32 ref: 00007FFE013F2792
                                                  • memcmp.VCRUNTIME140(?,?,?,?,?,?,?,00007FFE0142576B), ref: 00007FFE0142A631
                                                  • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFE0142576B), ref: 00007FFE0142A66F
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: __strncnt$Info___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                                                  • String ID:
                                                  • API String ID: 3421985146-0
                                                  • Opcode ID: 67ebdb8d2028b82e9ed58ed5a744d3daccf2b1b22702c2d8a250d3317050ddda
                                                  • Instruction ID: fe80bd2ae46c2ec51856c3c9d5f0629ae21f3a89cb63f5a1046941e78d0240ab
                                                  • Opcode Fuzzy Hash: 67ebdb8d2028b82e9ed58ed5a744d3daccf2b1b22702c2d8a250d3317050ddda
                                                  • Instruction Fuzzy Hash: F5216F72B087828AEB208F26954012DB7A6FBD4FD4B954235DE9D5BBB4CF3CE8458701
                                                  APIs
                                                  • memset.VCRUNTIME140(?,?,00000000,000000014000C5B8,?,?,?,000000014000AF1A,?,?,?,?,000000014000B356), ref: 000000014000FB78
                                                    • Part of subcall function 000000014000BC30: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,000000014000B330), ref: 000000014000BC8F
                                                    • Part of subcall function 000000014000BC30: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,000000014000B330), ref: 000000014000BCAE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func__stdio_common_vfprintfmemset
                                                  • String ID: [FINALIZE ] %08X %s$[UNLOAD LIB]$[UNLOAD LIB] %08X %s
                                                  • API String ID: 1351999747-1487749591
                                                  • Opcode ID: 011c263d19f9140a1604c488a99ec7640e8ed72f06c54b6a755ed96897cc34c0
                                                  • Instruction ID: 71482a23b425682d2a021b79c21f529c824127a60a25d7ce3ea3483a94a8a675
                                                  • Opcode Fuzzy Hash: 011c263d19f9140a1604c488a99ec7640e8ed72f06c54b6a755ed96897cc34c0
                                                  • Instruction Fuzzy Hash: 42213972215B8485E352DF22E5503DE37A4F74CF88F588129EB890BB69CF39C662D750
                                                  APIs
                                                  • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                  • ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                  • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                  • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func
                                                  • String ID:
                                                  • API String ID: 3203701943-0
                                                  • Opcode ID: ef19d35023d8e628eed813c77d0447fb231f9ae334597f1a57a176e318bf1fbd
                                                  • Instruction ID: 4aaa9055f457773a3941b5a5a8dce706b35ab72d69fce494c4f36289ac21efab
                                                  • Opcode Fuzzy Hash: ef19d35023d8e628eed813c77d0447fb231f9ae334597f1a57a176e318bf1fbd
                                                  • Instruction Fuzzy Hash: 0101A5A2E15B5187DF058F799804178B7A0FB58B84B549235DA4E8F734DA7CD0C18700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: memmove$FormatFreeLocalMessage
                                                  • String ID: unknown error
                                                  • API String ID: 725469203-3078798498
                                                  • Opcode ID: 37ba838826cd70d9d591dcbc435c2a3c18e79b33b76249e781432721d4dcd293
                                                  • Instruction ID: 0180ce94398c27a42c0a7b52e09b7ab3a8f6bcea21f99e41dfdd7a583b5940e4
                                                  • Opcode Fuzzy Hash: 37ba838826cd70d9d591dcbc435c2a3c18e79b33b76249e781432721d4dcd293
                                                  • Instruction Fuzzy Hash: EA11582260978682E7219F25E14036DB7A1FB99BCCF488235EA8D0F7BACF7CD5508741
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: malloc
                                                  • String ID: MOC$RCC$csm
                                                  • API String ID: 2803490479-2671469338
                                                  • Opcode ID: e15f6a6168a41ae6d63f11c971b02e69181d3bca20467f3ec0c288ca60c2c75b
                                                  • Instruction ID: 4cbbb1d556229ea38626a6243ef7f532f862973eaa76563ac78ee8d084a25611
                                                  • Opcode Fuzzy Hash: e15f6a6168a41ae6d63f11c971b02e69181d3bca20467f3ec0c288ca60c2c75b
                                                  • Instruction Fuzzy Hash: BC018422E08582C6EF64AF15955417E22B1EF48B84F594039DA1D2FBA5CE6CE881C602
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnmemmove
                                                  • String ID: 0123456789-
                                                  • API String ID: 4032823789-3850129594
                                                  • Opcode ID: 087b80219a7abc084ea80889b2ea5c4dce6a7d36c716b4555a794046ca4908f1
                                                  • Instruction ID: 8aca4833dd0765712702b93e65cc0c92ac213c1685a50989791b092a9040a51b
                                                  • Opcode Fuzzy Hash: 087b80219a7abc084ea80889b2ea5c4dce6a7d36c716b4555a794046ca4908f1
                                                  • Instruction Fuzzy Hash: 4F715A72B49B5589EB01CFA5E8902AC2371FB48B98F404136EE4D5BBB8DE3CD44AC344
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnswprintf_s
                                                  • String ID: %.0Lf
                                                  • API String ID: 296878162-1402515088
                                                  • Opcode ID: 5a4d563a18775b69986e137ad3adbc7dd30679c36a0b1d805a8bd9c508e10a71
                                                  • Instruction ID: dc0b4b18a6933a4e6920fb7d219d6e3ec69581a4627b7253be32515637c9a3f5
                                                  • Opcode Fuzzy Hash: 5a4d563a18775b69986e137ad3adbc7dd30679c36a0b1d805a8bd9c508e10a71
                                                  • Instruction Fuzzy Hash: 7C716032B48B9586EB11CBA5E8402AD7372EB94B98F504136EE4D2BB79EF3CD455C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnswprintf_s
                                                  • String ID: %.0Lf
                                                  • API String ID: 296878162-1402515088
                                                  • Opcode ID: ee1491a657aa9157b33aeeee70a7cdfd851f52d190288e523924d1584d869f09
                                                  • Instruction ID: 1441afd0019c2530502a472fb9ba3fd323cdb9979b417486f0ef8682d68d3cfa
                                                  • Opcode Fuzzy Hash: ee1491a657aa9157b33aeeee70a7cdfd851f52d190288e523924d1584d869f09
                                                  • Instruction Fuzzy Hash: AF716132B08B9586EB11CB66E8802AD6372EF94B98F104136EE5D6BB79DF3CD445C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: rand_s
                                                  • String ID: invalid random_device value
                                                  • API String ID: 863162693-3926945683
                                                  • Opcode ID: 1f0bf483c807b0933479a94a212f7c0e0c81eea9436f44e2959e188e7e1d09d4
                                                  • Instruction ID: 4c5a42236438f87ac391a5266e83f9d91cc94ad74a838270408e4b9521b230fb
                                                  • Opcode Fuzzy Hash: 1f0bf483c807b0933479a94a212f7c0e0c81eea9436f44e2959e188e7e1d09d4
                                                  • Instruction Fuzzy Hash: F6510162C18A8A86F3528B34C4511BE6364FF363C8F908732E61E3E5B5DF2DA4C28201
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: abort$CreateFrameInfo
                                                  • String ID: csm
                                                  • API String ID: 2697087660-1018135373
                                                  • Opcode ID: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
                                                  • Instruction ID: e20f068562fb8a79c6376a3f11815f6f1b5ea2c11c22a2b7706f1c1482beb7f7
                                                  • Opcode Fuzzy Hash: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
                                                  • Instruction Fuzzy Hash: 6E514FB6718B4186D620AB26E04127E77B5F788FA0F1415B6EB8D07B66CF38D461CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Strftime_invalid_parameter_noinfo_noreturn
                                                  • String ID: !%x
                                                  • API String ID: 1195835417-1893981228
                                                  APIs
                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE013F3305
                                                    • Part of subcall function 00007FFE014425AC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE013F5AF8), ref: 00007FFE014425C6
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE013F57FA,?,?,?,00007FFE013F4438), ref: 00007FFE013F32FE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                  • String ID: ios_base::failbit set
                                                  • API String ID: 1934640635-3924258884
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+
                                                  • String ID: void$void
                                                  • API String ID: 2943138195-3746155364
                                                  APIs
                                                    • Part of subcall function 000000014000FAA0: memset.VCRUNTIME140(?,?,00000000,000000014000C5B8,?,?,?,000000014000AF1A,?,?,?,?,000000014000B356), ref: 000000014000FB78
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014000E441
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturnmemset
                                                  • String ID: [FAIL LOAD ] %s$[LOAD LIB ] %s
                                                  • API String ID: 1654775311-1428855073
                                                  APIs
                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013FC744), ref: 00007FFE013FF1D4
                                                    • Part of subcall function 00007FFE0142B090: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B0
                                                    • Part of subcall function 00007FFE0142B090: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0B8
                                                    • Part of subcall function 00007FFE0142B090: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0C1
                                                    • Part of subcall function 00007FFE0142B090: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFE013F6093), ref: 00007FFE0142B0DD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                  • String ID: false$true
                                                  • API String ID: 2502581279-2658103896
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: FileHeader$ExceptionRaise
                                                  • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                  • API String ID: 3685223789-3176238549
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFileHeaderRaise
                                                  • String ID: csm
                                                  • API String ID: 2573137834-1018135373
                                                  APIs
                                                  • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFE013F6A3D
                                                    • Part of subcall function 00007FFE013F4DD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4DF9
                                                    • Part of subcall function 00007FFE013F4DD0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4E28
                                                    • Part of subcall function 00007FFE013F4DD0: memcpy.VCRUNTIME140(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4E3F
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE013F6A5A
                                                  Strings
                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFE013F6A65
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$Getmonthsmallocmemcpy
                                                  • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                                                  • API String ID: 1628830074-2030377133
                                                  APIs
                                                  • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFE013F69ED
                                                    • Part of subcall function 00007FFE013F4DD0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4DF9
                                                    • Part of subcall function 00007FFE013F4DD0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4E28
                                                    • Part of subcall function 00007FFE013F4DD0: memcpy.VCRUNTIME140(?,?,00000000,00007FFE01406AB5,?,?,?,?,?,?,?,?,?,00007FFE0140A96E), ref: 00007FFE013F4E3F
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE013F6A0A
                                                  Strings
                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFE013F6A15
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$Getdaysmallocmemcpy
                                                  • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                  • API String ID: 1347072587-3283725177
                                                  APIs
                                                  • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFE013F633D
                                                    • Part of subcall function 00007FFE013F4D50: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D72
                                                    • Part of subcall function 00007FFE013F4D50: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D98
                                                    • Part of subcall function 00007FFE013F4D50: memcpy.VCRUNTIME140(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4DB0
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE013F635A
                                                  Strings
                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFE013F6365
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$Getmonthsmallocmemcpy
                                                  • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                  • API String ID: 1628830074-4232081075
                                                  APIs
                                                  • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFE013F62CD
                                                    • Part of subcall function 00007FFE013F4D50: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D72
                                                    • Part of subcall function 00007FFE013F4D50: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4D98
                                                    • Part of subcall function 00007FFE013F4D50: memcpy.VCRUNTIME140(?,?,?,00007FFE01402124,?,?,?,00007FFE013F43DB,?,?,?,00007FFE013F5B31), ref: 00007FFE013F4DB0
                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE013F62EA
                                                  Strings
                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFE013F62F5
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free$Getdaysmallocmemcpy
                                                  • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                  • API String ID: 1347072587-3283725177
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrow
                                                  • String ID:
                                                  • API String ID: 432778473-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1942982354.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                  • Associated: 0000000C.00000002.1942966820.0000000140000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943004087.0000000140013000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943023597.000000014001A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 0000000C.00000002.1943038875.000000014001B000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_140000000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ExceptionThrow$_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 2822070131-0
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00007FFE1A4565B9,?,?,?,?,00007FFE1A45FB22,?,?,?,?,?), ref: 00007FFE1A45674B
                                                  • SetLastError.KERNEL32(?,?,?,00007FFE1A4565B9,?,?,?,?,00007FFE1A45FB22,?,?,?,?,?), ref: 00007FFE1A4567D4
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943942031.00007FFE1A451000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943912197.00007FFE1A450000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943963981.00007FFE1A461000.00000002.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1943980366.00007FFE1A466000.00000004.00000001.01000000.0000000A.sdmp
                                                  • Associated: 0000000C.00000002.1944001498.00007FFE1A467000.00000002.00000001.01000000.0000000A.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe1a450000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID:
                                                  • API String ID: 1452528299-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free
                                                  • String ID:
                                                  • API String ID: 1294909896-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free
                                                  • String ID:
                                                  • API String ID: 1294909896-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free
                                                  • String ID:
                                                  • API String ID: 1294909896-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.1943772318.00007FFE013F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE013F0000, based on PE: true
                                                  • Associated: 0000000C.00000002.1943756169.00007FFE013F0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943815407.00007FFE01445000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943833562.00007FFE01446000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943861537.00007FFE01473000.00000004.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943879362.00007FFE01474000.00000008.00000001.01000000.00000009.sdmp
                                                  • Associated: 0000000C.00000002.1943895042.00007FFE01477000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffe013f0000_ImporterREDServer.jbxd
                                                  Similarity
                                                  • API ID: free
                                                  • String ID:
                                                  • API String ID: 1294909896-0