Windows Analysis Report
onestart.exe

Overview

General Information

Sample name:onestart.exe
Analysis ID:1602313
MD5:8d1970baec3509e3980627c6a30389ee
SHA1:092ca5f6c75f01a738bbe1378394ec25abab5f0b
SHA256:99e06b4f7ac24af3b64b5e07c2d179d75a2112a01b2c58d985d5c7cbc7a5f41f
Infos:
Errors
  • Corrupt sample or wrongly selected analyzer. Details: 36b1

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • onestart.exe (PID: 2460 cmdline: "C:\Users\user\Desktop\onestart.exe" -install MD5: 8D1970BAEC3509E3980627C6A30389EE)
  • onestart.exe (PID: 1516 cmdline: "C:\Users\user\Desktop\onestart.exe" /install MD5: 8D1970BAEC3509E3980627C6A30389EE)
  • onestart.exe (PID: 2820 cmdline: "C:\Users\user\Desktop\onestart.exe" /load MD5: 8D1970BAEC3509E3980627C6A30389EE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: onestart.exe, Static PE information: certificate valid
Source: onestart.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\user\Documents\chromium-browser-scripts\src\out\Release\initialexe\chrome.exe.pdb source: onestart.exe
Source: onestart.exe, String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: onestart.exe, String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: onestart.exe, String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: onestart.exe, String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
Source: onestart.exe, String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: onestart.exe, String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: onestart.exe, String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: onestart.exe, String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: onestart.exe, String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: onestart.exe, String found in binary or memory: http://ocsp.digicert.com0A
Source: onestart.exe, String found in binary or memory: http://ocsp.digicert.com0C
Source: onestart.exe, String found in binary or memory: http://ocsp.digicert.com0X
Source: onestart.exe, String found in binary or memory: http://ocsps.ssl.com0
Source: onestart.exe, String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: onestart.exe, String found in binary or memory: https://crashpad.chromium.org/
Source: onestart.exe, String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: onestart.exe, String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: onestart.exe, String found in binary or memory: https://www.ssl.com/repository0
Source: C:\Users\user\Desktop\onestart.exe, Code function: String function: 00007FF65CFC4550 appears 188 times
Source: C:\Users\user\Desktop\onestart.exe, Code function: String function: 00007FF65CE94D60 appears 31 times
Source: onestart.exe, Static PE information: Number of sections : 12 > 10
Source: onestart.exe, Binary string: \Device\DeviceApi
Source: onestart.exe, Binary string: PathSystemDriveSystemRootTEMPTMPCHROME_CRASHPAD_PIPE_NAMEprocessIdtaglockdownLeveljobLeveldesiredIntegrityLeveldesiredMitigationsplatformMitigationscomponentFiltersappContainerSidappContainerCapabilitiesappContainerInitialCapabilitieslowboxSidpolicyRulesdisabledenableddisconnectCsrsszeroAppShimhandlesToCloseLockdownLimitedInteractiveRestricted Same AccessRestricted Non AdminLimited UserUnprotectedS-1-16-16384 SystemS-1-16-12288 HighS-1-16-8192 MediumS-1-16-6144 Medium LowS-1-16-4096 LowS-1-16-2048 Below LowS-1-16-0 Untrusted%016llx%016llx%016llx%08lxp[%d] == %xp[%d] == %pp[%d] & %x(p[%d], '%ls')exactprefixscanendsaskBrokerdenyalarmfakeSuccessfakeDeniedUnusedPing1Ping2NtOpenFileNtSetInfoRenameGdiDllInitializeGetStockObjectRegisterClassW*\windows_shell_global_counters\Device\DeviceApi\Device\KsecDDALPC Port{
Source: onestart.exe, Binary string: \??\pipe\\\.\\Device\\Device\HarddiskVolume\Device\\/?/?\\??\ntdll.dllntdll.dllNtOpenProcessNtOpenProcessTokenNtSetInformationThreadNtOpenThreadTokenNtOpenThreadTokenExkernel32.dll
Source: onestart.exe, Binary string: \Device\KsecDD
Source: classification engine, Classification label: unknown3.winEXE@3/0@0/0
Source: onestart.exe, String found in binary or memory: Try '%ls --help' for more information.
Source: onestart.exe, String found in binary or memory: partition_alloc/address_space
Source: onestart.exe, String found in binary or memory: --help display this help and exit
Source: onestart.exe, String found in binary or memory: free-invalid-address
Source: onestart.exe, String found in binary or memory: ..\..\components\gwp_asan\crash_handler\crash_handler.ccDetected GWP-ASan crash with missing metadata.Detected GWP-ASan crash for allocation at 0x) of type Invalid address passed to free() is Experienced internal error: partitionallocunexpected allocator typeheap-use-after-freeheap-buffer-underflowheap-buffer-overflowdouble-freefree-invalid-addressunexpected error typeOn!@
Source: unknown, Process created: C:\Users\user\Desktop\onestart.exe "C:\Users\user\Desktop\onestart.exe" -install
Source: unknown, Process created: C:\Users\user\Desktop\onestart.exe "C:\Users\user\Desktop\onestart.exe" /install
Source: unknown, Process created: C:\Users\user\Desktop\onestart.exe "C:\Users\user\Desktop\onestart.exe" /load
Source: onestart.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
Source: onestart.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: onestart.exe, Static file information: File size 2670816 > 1048576
Source: onestart.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1ece00
Source: onestart.exe, Static PE information: More than 200 imports for KERNEL32.dll
Source: onestart.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: onestart.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: onestart.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: onestart.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: onestart.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: onestart.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: onestart.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: onestart.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: onestart.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: onestart.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: onestart.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\onestart.exe, Code function: 0_2_00007FF65CF2F740 LoadLibraryW,GetProcAddress,0_2_00007FF65CF2F740
Source: onestart.exe, Static PE information: section name: .gxfg
Source: onestart.exe, Static PE information: section name: .retplne
Source: onestart.exe, Static PE information: section name: CPADinfo
Source: onestart.exe, Static PE information: section name: _RDATA
Source: onestart.exe, Static PE information: section name: malloc_h
Source: C:\Users\user\Desktop\onestart.exe, Code function: 0_2_00007FF65CE65CF9 push rbx; retf 0_2_00007FF65CE65CFA
Source: C:\Users\user\Desktop\onestart.exe, Code function: 0_2_00007FF65CE65CEE push rdx; retf 0_2_00007FF65CE65CEF
Source: C:\Users\user\Desktop\onestart.exe, Code function: 0_2_00007FF65CE706F0 rdtsc 0_2_00007FF65CE706F0
Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\onestart.exe, Code function: 0_2_00007FF65CE61000 GetCurrentThread,IsDebuggerPresent,GetModuleHandleW,GetProcAddress,GetCurrentThreadId,RaiseException,0_2_00007FF65CE61000
Source: C:\Users\user\Desktop\onestart.exe, Code function: 0_2_00007FF65CF8D008 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF65CF8D008
Source: C:\Users\user\Desktop\onestart.exe, Code function: 0_2_00007FF65CF8D2B4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF65CF8D2B4
Source: C:\Users\user\Desktop\onestart.exe, Code function: 0_2_00007FF65CE6D9E0 GetVersionExW,GetProductInfo,GetNativeSystemInfo,0_2_00007FF65CE6D9E0
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: 2 Command and Scripting Interpreter; 1 Native API; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 System Time Discovery; 2 Security Software Discovery; 2 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Encrypted Channel; Junk Data; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Behavior Graph ID: 1602313, Sample: onestart.exe, Startdate: 29/01/2025, Architecture: WINDOWS, Score: 3 (three onestart.exe processes started)

Source | Detection | Scanner | Label
onestart.exe | 3% | Virustotal |
onestart.exe | 0% | ReversingLabs |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0 | onestart.exe | false | | high
http://ocsps.ssl.com0 | onestart.exe | false | | high
https://crashpad.chromium.org/ | onestart.exe | false | | high
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0 | onestart.exe | false | | high
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_ | onestart.exe | false | | high
http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0 | onestart.exe | false | | high
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new | onestart.exe | false | | high
https://crashpad.chromium.org/bug/new | onestart.exe | false | | high
https://www.ssl.com/repository0 | onestart.exe | false | | high
No contacted IP infos
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1602313
Start date and time:2025-01-29 17:50:20 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 49s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Cmdline fuzzy
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:onestart.exe
Detection:UNKNOWN
Classification:unknown3.winEXE@3/0@0/0
EGA Information:Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 72
Cookbook Comments:
• Found application associated with file extension: .exe
• Unable to launch sample, stop analysis
• Corrupt sample or wrongly selected analyzer. Details: 36b1
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.109.210.53
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
• Execution Graph export aborted for target onestart.exe, PID 2460 because there are no executed function
No simulations
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s-part-0017.t-0009.t-msedge.net | random.exe | malicious | Credential Flusher | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | SIP_20252701.bat.exe | malicious | MassLogger RAT, XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://kk.pearlstorehouse.net/ | malicious | HTMLPhisher | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://trycatchdebug.net/news/1125691/optimizing-loop-performance-in-gcc | malicious | Unknown | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | el.msi | malicious | Unknown | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | PIS_030687.vbe | malicious | AgentTesla | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | Keronal Trading Company - RFQ.dot | malicious | Unknown | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | script.js | malicious | Unknown | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | RHGP0987090H.xlsx | malicious | Unknown | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | Purchase_Agreement_1020036.pdf.lnk.bin.lnk | malicious | Unknown | 13.107.246.45
No created / dropped files found
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):6.406375638675686
TrID:
• Win64 Executable GUI (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:onestart.exe
File size:2'670'816 bytes
MD5:8d1970baec3509e3980627c6a30389ee
SHA1:092ca5f6c75f01a738bbe1378394ec25abab5f0b
SHA256:99e06b4f7ac24af3b64b5e07c2d179d75a2112a01b2c58d985d5c7cbc7a5f41f
SHA512:21faf4494b14eafebe73d83ba21cb17c476757b495bf128e561a476c2eb3ea74e334a9175a9adda23b2009869e815773c012b41fb7642a1da0fb02571ec4196a
SSDEEP:49152:IQ4h1M/bW8si0sLAUvqy967e7CBksusuR6LgVm98l:bpDWCAUCysFksusC
TLSH:DDC56B13F29940D8D05AC0758746D632E9B2BC854B31B6DF12A07B5A2F77EE02B3DB25
File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....S/e.........."............................@..............................).....8.)...`........................................
Icon Hash:870f3cf0f80c0107
Entrypoint:0x14012d2a0
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x652F530F [Wed Oct 18 03:37:51 2023 UTC]
TLS Callbacks:0x4002ee20, 0x1, 0x4012c510, 0x1, 0x400712d0, 0x1, 0x4012bc00, 0x1, 0x40008a80, 0x1, 0x400999a0, 0x1
CLR (.Net) Version:
OS Version Major:10
OS Version Minor:0
File Version Major:10
File Version Minor:0
Subsystem Version Major:10
Subsystem Version Minor:0
Import Hash:440c94dddc5c0e1fd2b6ae7701f67a3e
Signature Valid:true
Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
• 28/07/2023 10:19:18 25/07/2026 02:16:00
Subject Chain
• OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization, CN=Apollo Technologies Inc, SERIALNUMBER=155722923, O=Apollo Technologies Inc, L=Panama City, C=PA
Version:3
Thumbprint MD5:373A4AB5CF5347A5256C0B1B2EEAADBA
Thumbprint SHA-1:EB5A7872B0563D261362F00BC6AF0AFC36877A89
Thumbprint SHA-256:061E448E8AE39BB153B6B45FCF31CD2EBBCB1EAFC7814C4C5E8D9D919D8112C7
Serial:7DE8123E2B4CB350291ED602EDBC4592
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x223394 | 0x87 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x22341c | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x260000 | 0x37a78 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x24a000 | 0xdcbc | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x289c00 | 0x24e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x298000 | 0x2290 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x220a7c | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x220950 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1ef170 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x223bf0 | 0x770 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2224b0 | 0x180 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1ecd7f | 0x1ece00 | 20b54d3cff80506bbb36d33d6590358e | False | 0.5096417900393102 | data | 6.519800631046198 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1ee000 | 0x4164c | 0x41800 | 1bb8f5946c0ec9c5961e1ee6de8ae274 | False | 0.3774153148854962 | data | 5.570528347976777 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x230000 | 0x19670 | 0xf400 | 69a018e8b054e24fe4a3498e9a96bb96 | False | 0.033203125 | data | 1.4248717927616121 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x24a000 | 0xdcbc | 0xde00 | 9ffc582e1e42162f74b5cce5084be846 | False | 0.5115427927927928 | data | 5.991029736699372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg | 0x258000 | 0x2e80 | 0x3000 | 133bbd43e0b29e003b9139a57a0ffcc7 | False | 0.40478515625 | data | 5.129224756439478 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.retplne | 0x25b000 | 0xac | 0x200 | 5255fc51b70bb72c37739ecd335cecfe | False | 0.134765625 | data | 1.320312118710215 |
.tls | 0x25c000 | 0x231 | 0x400 | ffd165880605c7661e990b8841ed3327 | False | 0.04296875 | data | 0.21447604792517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
CPADinfo | 0x25d000 | 0x38 | 0x200 | 60d3ea61d541c9be2e845d2787fb9574 | False | 0.04296875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA | 0x25e000 | 0x1f4 | 0x200 | 43c9f395d51dccdd5abe31a27dc4e5e0 | False | 0.53125 | data | 4.222626840457297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
malloc_h | 0x25f000 | 0x5a3 | 0x600 | 5a673d975585c16f700e4eae2d82285c | False | 0.6354166666666666 | data | 6.04971676914019 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x260000 | 0x37a78 | 0x37c00 | b825b7a27f0dc2aabc0d86d39fa14c92 | False | 0.2223453265134529 | data | 4.407312866060774 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x298000 | 0x2290 | 0x2400 | ba73c4467be1a092930e9224ad3dad1b | False | 0.3228081597222222 | GLS_BINARY_LSB_FIRST | 5.384928991724464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
GOOGLEUPDATEAPPLICATIONCOMMANDS | 0x2892b0 | 0x4 | data | English | United States | 3.0
RT_CURSOR | 0x2896d0 | 0x134 | data | | | 0.4837662337662338
RT_CURSOR | 0x289820 | 0x134 | data | | | 0.22402597402597402
RT_CURSOR | 0x289970 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | | | 0.2077922077922078
RT_CURSOR | 0x289ac0 | 0x134 | data | | | 0.461038961038961
RT_CURSOR | 0x289c10 | 0x134 | data | | | 0.39935064935064934
RT_CURSOR | 0x289d48 | 0xcac | data | | | 0.08446362515413071
RT_CURSOR | 0x28aa20 | 0x134 | data | | | 0.32142857142857145
RT_CURSOR | 0x28ab58 | 0xcac | data | | | 0.06103575832305795
RT_CURSOR | 0x28b830 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.03280224929709466
RT_CURSOR | 0x28c8f8 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.07966260543580131
RT_CURSOR | 0x28d9c0 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.07872539831302718
RT_CURSOR | 0x28ea88 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.07591377694470477
RT_CURSOR | 0x28fb50 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.03420805998125586
RT_CURSOR | 0x290c18 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.03655107778819119
RT_CURSOR | 0x291ce0 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.03795688847235239
RT_CURSOR | 0x292da8 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.03303655107778819
RT_CURSOR | 0x293e70 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.036785379568884724
RT_CURSOR | 0x294f38 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.03608247422680412
RT_CURSOR | 0x296000 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | | | 0.042877225866916585
RT_CURSOR | 0x2970c8 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | | | 0.23376623376623376
RT_CURSOR | 0x297218 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | | | 0.1590909090909091
RT_CURSOR | 0x297368 | 0x134 | data | | | 0.3181818181818182
RT_CURSOR | 0x2974b8 | 0x134 | data | | | 0.30194805194805197
RT_ICON | 0x260df0 | 0x49db | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9996826572169037
RT_ICON | 0x2657d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 11811 x 11811 px/m | English | United States | 0.11448598130841121
RT_ICON | 0x275ff8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 11811 x 11811 px/m | English | United States | 0.17949929145016533
RT_ICON | 0x27a220 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 11811 x 11811 px/m | English | United States | 0.2628630705394191
RT_ICON | 0x27c7c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 11811 x 11811 px/m | English | United States | 0.32598499061913694
RT_ICON | 0x27d870 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 11811 x 11811 px/m | English | United States | 0.599290780141844
RT_ICON | 0x27dd38 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.2273454157782516
RT_ICON | 0x27ebe0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.34657039711191334
RT_ICON | 0x27f488 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.5043352601156069
RT_ICON | 0x27f9f0 | 0x7c8 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.8699799196787149
RT_ICON | 0x2801b8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.06182572614107884
RT_ICON | 0x282760 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.09849906191369606
RT_ICON | 0x283808 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.23138297872340424
                      RT_ICON0x283cd80x4a8Device independent bitmap graphic, 17 x 32 x 32, image size 1088, resolution 2835 x 2835 px/mEnglishUnited States0.28439597315436244
                      RT_ICON0x2841800x1234Device independent bitmap graphic, 33 x 66 x 32, image size 4356, resolution 2835 x 2835 px/mEnglishUnited States0.11566523605150214
                      RT_ICON0x2853b80x2668Device independent bitmap graphic, 49 x 96 x 32, image size 9408, resolution 2835 x 2835 px/mEnglishUnited States0.07811228641171684
                      RT_ICON0x287a200x184bPNG image data, 257 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.992603312429651
                      RT_GROUP_CURSOR0x2898080x14Lotus unknown worksheet or configuration, revision 0x11.25
                      RT_GROUP_CURSOR0x2899580x14Lotus unknown worksheet or configuration, revision 0x11.25
                      RT_GROUP_CURSOR0x289aa80x14Lotus unknown worksheet or configuration, revision 0x11.3
                      RT_GROUP_CURSOR0x289bf80x14Lotus unknown worksheet or configuration, revision 0x11.3
                      RT_GROUP_CURSOR0x28a9f80x22Lotus unknown worksheet or configuration, revision 0x21.0
                      RT_GROUP_CURSOR0x28b8080x22Lotus unknown worksheet or configuration, revision 0x21.0
                      RT_GROUP_CURSOR0x28c8e00x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x28d9a80x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x28ea700x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x28fb380x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x290c000x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x291cc80x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x292d900x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x293e580x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x294f200x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x295fe80x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x2970b00x14Lotus unknown worksheet or configuration, revision 0x11.2
                      RT_GROUP_CURSOR0x2972000x14Lotus unknown worksheet or configuration, revision 0x11.3
                      RT_GROUP_CURSOR0x2973500x14Lotus unknown worksheet or configuration, revision 0x11.3
                      RT_GROUP_CURSOR0x2974a00x14Lotus unknown worksheet or configuration, revision 0x11.3
                      RT_GROUP_CURSOR0x2975f00x14Lotus unknown worksheet or configuration, revision 0x11.3
                      RT_GROUP_ICON0x27dcd80x5adataEnglishUnited States0.7666666666666667
                      RT_GROUP_ICON0x283c700x68dataEnglishUnited States0.7019230769230769
                      RT_GROUP_ICON0x2892700x3edataEnglishUnited States0.8870967741935484
                      RT_VERSION0x2892b80x418dataEnglishUnited States0.4351145038167939
                      RT_MANIFEST0x2976080x46cXML 1.0 document, ASCII text, with very long lines (1018)EnglishUnited States0.48586572438162545
                      DLL | Import
                      chrome_elf.dll | GetInstallDetailsPayload, IsBrowserProcess, IsExtensionPointDisableSet, SignalChromeElf, SignalInitializeCrashReporting
                      KERNEL32.dll | AcquireSRWLockExclusive, AddVectoredExceptionHandler, CloseHandle, CompareStringW, ConnectNamedPipe, CreateDirectoryW, CreateEventW, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateJobObjectW, CreateMutexW, CreateNamedPipeW, CreateProcessW, CreateRemoteThread, CreateSemaphoreW, CreateThread, DebugBreak, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DisconnectNamedPipe, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesEx, EnumSystemLocalesW, ExitProcess, ExitThread, ExpandEnvironmentStringsW, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FlushViewOfFile, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameExW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentProcessorNumber, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSizeEx, GetFileTime, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessMitigationPolicy, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadLocale, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetVersionExW, GetWindowsDirectoryW, HeapDestroy, HeapSetInformation, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeProcThreadAttributeList, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, K32GetPerformanceInfo, K32GetProcessMemoryInfo, K32QueryWorkingSetEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LocalFree, LockFileEx, MapViewOfFile, MoveFileW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, PeekNamedPipe, PostQueuedCompletionStatus, PrefetchVirtualMemory, QueryDosDeviceW, QueryInformationJobObject, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseSRWLockExclusive, ReleaseSemaphore, RemoveDirectoryW, RemoveVectoredExceptionHandler, ReplaceFileW, ResetEvent, ResumeThread, RtlCaptureContext, RtlCaptureStackBackTrace, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryW, SetDefaultDllDirectories, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointerEx, SetHandleInformation, SetInformationJobObject, SetLastError, SetNamedPipeHandleState, SetProcessMitigationPolicy, SetProcessShutdownParameters, SetStdHandle, SetThreadAffinityMask, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SleepConditionVariableSRW, SleepEx, SuspendThread, SwitchToThread, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TransactNamedPipe, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWaitEx, UpdateProcThreadAttribute, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, WaitForMultipleObjects, WaitForSingleObject, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, Wow64GetThreadContext, WriteConsoleW, WriteFile, WriteProcessMemory, lstrlenA
                      VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
                      ntdll.dll | RtlInitUnicodeString
                      Name | Ordinal | Address
                      GetHandleVerifier | 1 | 0x14006eb20
                      GetPakFileHashes | 2 | 0x140097130
                      IsSandboxedProcess | 3 | 0x140098500
                      Language of compilation system | Country where language is spoken | Map
                      English | United States |
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Jan 29, 2025 17:51:31.567310095 CET | 1.1.1.1 | 192.168.2.5 | 0x9175 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 29, 2025 17:51:31.567310095 CET | 1.1.1.1 | 192.168.2.5 | 0x9175 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false

                      All data are 0.

                      Target ID:0
                      Start time:11:51:16
                      Start date:29/01/2025
                      Path:C:\Users\user\Desktop\onestart.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Users\user\Desktop\onestart.exe" -install
                      Imagebase:0x7ff65ce60000
                      File size:2'670'816 bytes
                      MD5 hash:8D1970BAEC3509E3980627C6A30389EE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      Target ID:2
                      Start time:11:51:18
                      Start date:29/01/2025
                      Path:C:\Users\user\Desktop\onestart.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Users\user\Desktop\onestart.exe" /install
                      Imagebase:0x7ff65ce60000
                      File size:2'670'816 bytes
                      MD5 hash:8D1970BAEC3509E3980627C6A30389EE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      Target ID:3
                      Start time:11:51:20
                      Start date:29/01/2025
                      Path:C:\Users\user\Desktop\onestart.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Users\user\Desktop\onestart.exe" /load
                      Imagebase:0x7ff65ce60000
                      File size:2'670'816 bytes
                      MD5 hash:8D1970BAEC3509E3980627C6A30389EE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      Non-executed Functions

                      APIs
                      Strings
                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF65CF403EA
                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF65CF403CD
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      • Associated: 00000000.00000002.2100545264.00007FF65CE60000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100748712.00007FF65D04E000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100795736.00007FF65D090000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100795736.00007FF65D09E000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100847781.00007FF65D0AA000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100898394.00007FF65D0BE000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100917330.00007FF65D0BF000.00000020.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100932708.00007FF65D0C0000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                      • API String ID: 4258034872-112411280
                      • Opcode ID: 42b7097773991eda637275bfd3f16c6bf8158ab52586fff72c7717a00fe599f5
                      • Instruction ID: 0be7850091aa09014455c4ac5e96de4bb8523a9124661d9d2c0cd0dcbe4bdfa4
                      • Opcode Fuzzy Hash: 42b7097773991eda637275bfd3f16c6bf8158ab52586fff72c7717a00fe599f5
                      • Instruction Fuzzy Hash: 5452CD27A1CA8682EA509F25D58437E6760FF84B94F494632EE9EA77D4DF3CE581C300
                      APIs
                      Strings
                      Similarity
                      • API ID: ErrorLast$CreateFileFreeFrequencyLocalPerformanceQuery
                      • String ID: ..\..\base\win\security_util.cc$..\..\third_party\libc++\src\include\__string\char_traits.h:146: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$AddACEToPath$GetHandleVerifier$ScopedBlockingCall$unknown
                      • API String ID: 1041212472-3714041534
                      • Opcode ID: 972ff6b331d856175bebe2d8276af63c86cda9f1fd4a5b10e4344539640b6c80
                      • Instruction ID: c8f4d5febe53a8fec3c3ed26278dbc6d5f837990a0ace6aded61bc5a68a36e6a
                      • Opcode Fuzzy Hash: 972ff6b331d856175bebe2d8276af63c86cda9f1fd4a5b10e4344539640b6c80
                      • Instruction Fuzzy Hash: 91027F32A0CA9289FB218B35E8493BE63A1FFC5744F484135DA8DA7695EF3DE485C740
                      APIs
                      Strings
                      • ..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF65CF756C4
                      • ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF65CF756B1
                      • Path, xrefs: 00007FF65CF75AAC
                      • MZx, xrefs: 00007FF65CF7591E
                      Similarity
                      • API ID: EnvironmentStrings$Free
                      • String ID: ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$MZx$Path
                      • API String ID: 3328510275-2741228475
                      • Opcode ID: dc6cb8db1b7e01507b103194a2e011da3f8ca2532850b629e5568b200a998139
                      • Instruction ID: e97c20f38de903495e96c28d9f8ab81ad6db015f4d994e4710bd11c4248d90fc
                      • Opcode Fuzzy Hash: dc6cb8db1b7e01507b103194a2e011da3f8ca2532850b629e5568b200a998139
                      • Instruction Fuzzy Hash: 8DF16A22A0CBD685EB618F25E8447BAB3A1FF88784F484031DA8DA3695EF7CD585D740
                      APIs
                      Strings
                      Similarity
                      • API ID: ErrorLast$AddressCreateFileHandleModuleProc
                      • String ID: ..\..\base\files\file_win.cc$DoInitialize$GetHandleVerifier
                      • API String ID: 2959055312-1999724202
                      • Opcode ID: f3e2b1f6e5e52bc0613aad3a784cb0dfc059c177b039a0e93ee90eda0a51f27d
                      • Instruction ID: 111f88fcdbfa3aee38a4987a581361bb863984742bef887d25ded012f7996b9f
                      • Opcode Fuzzy Hash: f3e2b1f6e5e52bc0613aad3a784cb0dfc059c177b039a0e93ee90eda0a51f27d
                      • Instruction Fuzzy Hash: B171D322B1C79282FB288B25E855B7966D1BF84B80F485434DE4FA3BD2EE3CE4459300
                      APIs
                      Strings
                      • SetThreadDescription, xrefs: 00007FF65CE6110A
                      • ..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF65CE61181
                      • ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF65CE6116E
                      • Kernel32.dll, xrefs: 00007FF65CE610FD
                      Similarity
                      • API ID: CurrentThread$AcquireAddressDebuggerExceptionExclusiveHandleLockModulePresentProcRaise
                      • String ID: ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Kernel32.dll$SetThreadDescription
                      • API String ID: 1876178700-2641643690
                      • Opcode ID: 0eb5f16fc6790b45caae18aab141b4eec7d1320c04d89d6b107644dbf4b249b7
                      • Instruction ID: 6fd0dc1a4027bc48a528a834605b690bc7efc07952988ae77ac26bceed554f2f
                      • Opcode Fuzzy Hash: 0eb5f16fc6790b45caae18aab141b4eec7d1320c04d89d6b107644dbf4b249b7
                      • Instruction Fuzzy Hash: BA512562E1CA9295FE919F31ED142B823A1AF44B80F4C4031DA5EF76E5EE3DE5C98301
                      Strings
                      Similarity
                      • API ID:
                      • String ID: %s (errno: %d, %s)$..\..\base\task\sequence_manager\work_tracker.cc$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\perfetto\src\tracing\core\trace_writer_impl.cc$PERFETTO_CHECK(cur_packet_->is_finalized())$WaitNoSyncWork
                      • API String ID: 0-717535376
                      • Opcode ID: 05d03a61b4371985e3644a98391369d09db2b24d63db18aa3a6a65f7aff20102
                      • Instruction ID: 4271e970c866870181962b5970fffbba1e1edbe48a08abab6da7a9c05c1ff9ec
                      • Opcode Fuzzy Hash: 05d03a61b4371985e3644a98391369d09db2b24d63db18aa3a6a65f7aff20102
                      • Instruction Fuzzy Hash: 95C2AC27A08B8292EB64CB35E4507B977A0FF94B84F588136CA4DA7795DF3CE496D300
                      Strings
                      • ..\..\third_party\libc++\src\include\vector:1557: assertion __first <= __last failed: vector::erase(first, last) called with invalid range, xrefs: 00007FF65CE62946
                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF65CE627E8
                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF65CE6280E
                      • @KL, xrefs: 00007FF65CE6278B
                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00007FF65CE627FB
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1557: assertion __first <= __last failed: vector::erase(first, last) called with invalid range$@KL
                      • API String ID: 0-2200414399
                      • Opcode ID: 67d810ab881ecf2c30e2e2d01dc122044391b77335c55a34de39a2cce76d470b
                      • Instruction ID: 205321e570e76ac05a408baef0bf5ca1daf3155b940d8196f7db3db19502f520
                      • Opcode Fuzzy Hash: 67d810ab881ecf2c30e2e2d01dc122044391b77335c55a34de39a2cce76d470b
                      • Instruction Fuzzy Hash: CF72BD73B19A9686EA648B25E8503B963A1FB84B94F488132DF4DB77D5DF3CE485C300
                      APIs
                      Strings
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: GetHandleVerifier
                      • API String ID: 1646373207-1090674830
                      • Opcode ID: c35b0a4efab322e394a8ddb19eaaf240079de7605ae0474569e9e71fc9dca49f
                      • Instruction ID: 01fb71c6611bcd91f3cd36c10298bdcdd118bab85379b52c168fea6847f9a725
                      • Opcode Fuzzy Hash: c35b0a4efab322e394a8ddb19eaaf240079de7605ae0474569e9e71fc9dca49f
                      • Instruction Fuzzy Hash: 3061C326A0DA2781EB689F35E4593792362BF55B80F5C8435D90FF73E0EEBCE5499200
                      APIs
                      • GetCurrentThread.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE70750
                      • GetThreadPriority.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE70755
                      • GetCurrentThread.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE7075D
                      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE70767
                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE707CD
                      • GetCurrentThread.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE707D6
                      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE707E1
                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE707F2
                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,00007FF65CE692A7), ref: 00007FF65CE708C0
                      Similarity
                      • API ID: Thread$CurrentPerformancePriorityQuery$Counter$Frequency
                      • String ID:
                      • API String ID: 2845919953-0
                      • Opcode ID: 36c21b57f356a79d3c8717fbecf6736204165612334de6ce85e90b3e86a1df39
                      • Instruction ID: badf369c19e789783ffac087cc803c393c4120cd0564c71a4c73fdbe9477b621
                      • Opcode Fuzzy Hash: 36c21b57f356a79d3c8717fbecf6736204165612334de6ce85e90b3e86a1df39
                      • Instruction Fuzzy Hash: D8515F22A1DB4289E612EF35E85427A6361BF54B90F595231D94DB32E1EF3CE08AC700
                      APIs
                      Strings
                      Similarity
                      • API ID: ExclusiveLockRelease
                      • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc$PERFETTO_CHECK(was_always_bound_)$Shared memory buffer max stall count exceeded; possible deadlock (errno: %d, %s)$C"
                      • API String ID: 1766480654-3685164563
                      • Opcode ID: b490cdd4113b15c4c1db3b5f43dce7e21a4a8aad2108ff521e0f59c2e3b0c2e0
                      • Instruction ID: d4a4f5a02d39b86062e5cc812c98da14e2c23f6b134d1c7f285cbbbe60f0ebbe
                      • Opcode Fuzzy Hash: b490cdd4113b15c4c1db3b5f43dce7e21a4a8aad2108ff521e0f59c2e3b0c2e0
                      • Instruction Fuzzy Hash: D8A1AF33A1CA5686EB24CF25E44036977A0FB84B84F585135DB4EA7BA0EF7CE595CB00
                      Strings
                      • (flags = 0x%x), xrefs: 00007FF65CFE5A00
                      • ..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF65CFE5A4D
                      • ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF65CFE5A3A
                      • Histogram: , xrefs: 00007FF65CFE5910
                      • recorded , xrefs: 00007FF65CFE592E
                      • {%3.1f%%}, xrefs: 00007FF65CFE5E3B
                      • , mean = %.1f, xrefs: 00007FF65CFE59E8
                      • samples, xrefs: 00007FF65CFE5987
                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF65CFE58B2, 00007FF65CFE5DE0
                      Similarity
                      • API ID:
                      • String ID: (flags = 0x%x)$ recorded $ samples$ {%3.1f%%}$, mean = %.1f$..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Histogram:
                      • API String ID: 0-3325067693
                      • Opcode ID: af97fbeec3280c22afd41ab32ac1071b2a421ff0eddfa3d6150c1e333a65a9a0
                      • Instruction ID: 8f79949be320eb16ad942d606319642c0384b30209cb786727d12d0f1e2f73c9
                      • Opcode Fuzzy Hash: af97fbeec3280c22afd41ab32ac1071b2a421ff0eddfa3d6150c1e333a65a9a0
                      • Instruction Fuzzy Hash: 28D1B323B09A4685EA64DB3AE4403BD6361EF84B84F5C8131DE4DA77A1EF3DE586C700
                      APIs
                      • VirtualAlloc.KERNEL32 ref: 00007FF65CE6EC1B
                      • GetLastError.KERNEL32 ref: 00007FF65CE6EC54
                      • VirtualAlloc.KERNEL32 ref: 00007FF65CE6ECB2
                      • GetLastError.KERNEL32 ref: 00007FF65CE6ECD9
                      • VirtualAlloc.KERNEL32 ref: 00007FF65CE6ED37
                      • VirtualFree.KERNEL32 ref: 00007FF65CE6ED64
                      • GetLastError.KERNEL32 ref: 00007FF65CE6ED7C
                      • VirtualFree.KERNEL32 ref: 00007FF65CE6EE15
                        • Part of subcall function 00007FF65CFF59D0: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6EE57), ref: 00007FF65CFF59DB
                        • Part of subcall function 00007FF65CFF59D0: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6EE57), ref: 00007FF65CFF59F8
                        • Part of subcall function 00007FF65CFF5980: VirtualAlloc.KERNEL32(?,?,00000000,00007FF65CE6EE67), ref: 00007FF65CFF599E
                      • VirtualFree.KERNEL32 ref: 00007FF65CE6EE3B
                      Similarity
                      • API ID: Virtual$Alloc$ErrorFreeLast$ExclusiveLock$AcquireRelease
                      • String ID:
                      • API String ID: 2766871365-0
                      • Opcode ID: a37c2ece665af2fc39317245432a5a8986f3cd0a2eb6af675b87a7bfdebc4bcf
                      • Instruction ID: 8a93d70f57153897ad5f3188415189c37005c8cb4d0403f32e171f50a86d956c
                      • Opcode Fuzzy Hash: a37c2ece665af2fc39317245432a5a8986f3cd0a2eb6af675b87a7bfdebc4bcf
                      • Instruction Fuzzy Hash: 16718212F2DA2646FA699FB278157795A816F54B88F4C4438DE0EF77C1FD3DE0898200
                      Strings
                      • ..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF65CEAB7B4
                      • ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF65CEAB730
                      • t Hv, xrefs: 00007FF65CEAB798
                      • Micr, xrefs: 00007FF65CEAB77F
                      • osof, xrefs: 00007FF65CEAB78C
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Micr$osof$t Hv
                      • API String ID: 0-3846041463
                      • Opcode ID: 29694d02792a9d3937463f115ebbc86a34731b6a4690876cf81d31d842a7e97e
                      • Instruction ID: e0dac52b0953fc40a1649c6b6cc19241eff6c31261af79e333b430fce9b3ccd0
                      • Opcode Fuzzy Hash: 29694d02792a9d3937463f115ebbc86a34731b6a4690876cf81d31d842a7e97e
                      • Instruction Fuzzy Hash: B0E13573B186518AEB248B39D4402AD7BB1EB98784F0C8136DF4EAB791DE7CE545C340
                      APIs
                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF65CE6E380
                      • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF65CE6E415
                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000010,3333333333333333,-5555555555555556,?,?,?,00000000,?,00007FF65CE7CBE9), ref: 00007FF65CE6E452
                      Strings
                      Similarity
                      • API ID: ExclusiveLock$Release$Acquire
                      • String ID: first
                      • API String ID: 1021914862-2456940119
                      • Opcode ID: 72e2ede85b5e34c08875fc115544c49e26d6f6996c9c2c170c0fea949cc7e857
                      • Instruction ID: 9bfb4c1ed6a0aa5b393723d20f3ea3443690968f0ae2d1158d27129dd12e1ff3
                      • Opcode Fuzzy Hash: 72e2ede85b5e34c08875fc115544c49e26d6f6996c9c2c170c0fea949cc7e857
                      • Instruction Fuzzy Hash: 93F1FF63A1CA9286EA14CB65E4113B96761EF84BD4F5C4131DB5EB77E4EE3CE486C300
                      Strings
                      Similarity
                      • API ID:
                      • String ID: (flags = 0x%x)$ recorded $ samples$ {%3.1f%%}$, mean = %.1f$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Histogram:
                      • API String ID: 0-346825179
                      • Opcode ID: 0223624741fa2f01d928e5990f6bca68a66a3d2f52a6519768a70967ec3f075a
                      • Instruction ID: 1de5b1ce06156b7ba8fea1bcd01998979762cbe7587d2a9a669a2dc6c584e2b3
                      • Opcode Fuzzy Hash: 0223624741fa2f01d928e5990f6bca68a66a3d2f52a6519768a70967ec3f075a
                      • Instruction Fuzzy Hash: 2BD1C723B0878681EA65DB36E54437963A1FF85B84F588531DE4EA77A1EF3CE482C700
                      APIs
                      Strings
                      Similarity
                      • API ID: ExclusiveLock$AcquireRelease
                      • String ID: 33333333$UUUUUUUU
                      • API String ID: 17069307-3483174168
                      • Opcode ID: 7c0cfcc1baf1440c571b93f4a1a5fdeff0113146ae231735154408bb47940917
                      • Instruction ID: ad752f0f316023745debc1f8a79e9c270ac9d0feacf5de970632421d2b1e68db
                      • Opcode Fuzzy Hash: 7c0cfcc1baf1440c571b93f4a1a5fdeff0113146ae231735154408bb47940917
                      • Instruction Fuzzy Hash: 8AD1D177B1C64286FB248F69E04077C6391AF94B94F188136DE4DA7B94DF3DE9868700
                      APIs
                      Strings
                      • ProcessPrng, xrefs: 00007FF65CF2F982
                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:368: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF65CF2F901
                      • bcryptprimitives.dll, xrefs: 00007FF65CF2F970
                      Similarity
                      • API ID: AddressLibraryLoadProc
                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:368: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$ProcessPrng$bcryptprimitives.dll
                      • API String ID: 2574300362-3291573388
                      • Opcode ID: 48a415e8244bee76e1789317ef023a126e1b23c080200d00c968010bc40e49c6
                      • Instruction ID: 98322e2fefde907183ce04da4e3afca4e986688b537ee47aa72533759522328b
                      • Opcode Fuzzy Hash: 48a415e8244bee76e1789317ef023a126e1b23c080200d00c968010bc40e49c6
                      • Instruction Fuzzy Hash: 7A519F27B19696A5FD109B25EC542B96351EF10BA0F9C4632DD2DA73E0EE3CE48AC300
                      APIs
                      Similarity
                      • API ID: ExclusiveLock$AcquireRelease$Alloc
                      • String ID:
                      • API String ID: 3005806778-0
                      • Opcode ID: 961db99f5c60a25f73bddd8b6b0e42a944cda1362e093a0f51a5107cdbee99b6
                      • Instruction ID: 744f5ae3dbbc36f71cf42b6cda1b1e327253325a86dfc641f6a21ea2b48f33dd
                      • Opcode Fuzzy Hash: 961db99f5c60a25f73bddd8b6b0e42a944cda1362e093a0f51a5107cdbee99b6
                      • Instruction Fuzzy Hash: C0E1F133A0DB8185E755CB30E5543AD77A4FF55384F498236DA9DA36A0EF38E1AAC300
                      Strings
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$33333333$33333333$UUUUUUUU$UUUUUUUU
                      • API String ID: 0-1150390289
                      • Opcode ID: 819ab107d4f447194762b2be838496db397592f8075fed654fb025b0f3e7794f
                      • Instruction ID: 0014d759a91170c2b800e4b2351af4a5e6997cd21168e61a452266276b7de27a
                      • Opcode Fuzzy Hash: 819ab107d4f447194762b2be838496db397592f8075fed654fb025b0f3e7794f
                      • Instruction Fuzzy Hash: F4C12367B19A0A95EE249B3698512786392AF54FD0B4CC532DE4FB7784EE3CF685C300
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      • Associated: 00000000.00000002.2100545264.00007FF65CE60000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100748712.00007FF65D04E000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100795736.00007FF65D090000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100795736.00007FF65D09E000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100847781.00007FF65D0AA000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100898394.00007FF65D0BE000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100917330.00007FF65D0BF000.00000020.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.2100932708.00007FF65D0C0000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: ExclusiveLock$AcquireRelease
                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$33333333$UUUUUUUU$UUUUUUUU$UUUUUUUU
                      • API String ID: 17069307-4248773287
                      • Opcode ID: f98342046214cbb58227e8bf3fce01651b405d7a4aa1f0c47f4ea81c9748b16c
                      • Instruction ID: 3448d42411495a47a14de57b6939120c9c206175a3d736732c95c02f3f587cd6
                      • Opcode Fuzzy Hash: f98342046214cbb58227e8bf3fce01651b405d7a4aa1f0c47f4ea81c9748b16c
                      • Instruction Fuzzy Hash: E402D063B19A9A81EE14CB26980137963E5AF58BC0F0C8532DE4DB7796EF3CE195D300
                      Strings
                      • 1U!S, xrefs: 00007FF65CF0E6D5
                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF65CF0EF59
                      • 1U!S, xrefs: 00007FF65CF0E661
                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF65CF0EF46
                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF65CF0EF78
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$1U!S$1U!S
                      • API String ID: 0-3836195222
                      • Opcode ID: 1cd61dc34cfa349b041f1820f670b4c22620ca392dd8568b6a1da0ecfaa33010
                      • Instruction ID: 932abbf363c7dd71ee888161e85b8c1e91d0690edc332b05e49fef7f8a353228
                      • Opcode Fuzzy Hash: 1cd61dc34cfa349b041f1820f670b4c22620ca392dd8568b6a1da0ecfaa33010
                      • Instruction Fuzzy Hash: 14F1BC73A1864286EA288B31E5046B977A1FF84B84F588435DA8EF7B95DF3CF845C700
                      APIs
                      Similarity
                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                      • String ID:
                      • API String ID: 2933794660-0
                      • Opcode ID: be3fbeca9a260eb0b4d614ac1e0bca5dbea597bfe1fa2a14053cff9ce78fb618
                      • Instruction ID: 83e4fa2c918c8ff00a9cd80045c5919ac3140ddd1fa69af19dad81b4b2113f21
                      • Opcode Fuzzy Hash: be3fbeca9a260eb0b4d614ac1e0bca5dbea597bfe1fa2a14053cff9ce78fb618
                      • Instruction Fuzzy Hash: EB113322B18F058AEB00CF60E8542B933A4FB59758F480D31EA5DD77A4EF7CD1588340
                      Strings
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$UMA.NegativeSamples.Histogram$UMA.NegativeSamples.Increment$UMA.NegativeSamples.Reason
                      • API String ID: 0-952403503
                      • Opcode ID: 5ab731c25acfd40a1f209fc21268617434fcb75e3402cdc3b9072fbc94a5dd3d
                      • Instruction ID: 50bc1267ed4bd2fcb9286483b3a2de982f5852c1620004ecdd5537e1d83e4d07
                      • Opcode Fuzzy Hash: 5ab731c25acfd40a1f209fc21268617434fcb75e3402cdc3b9072fbc94a5dd3d
                      • Instruction Fuzzy Hash: 9402E663F0960287FE348B3994402796292EF84B95F5C8635CE1EA77D0EE3DE5829380
                      Strings
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$UMA.NegativeSamples.Histogram$UMA.NegativeSamples.Increment$UMA.NegativeSamples.Reason
                      • API String ID: 0-952403503
                      • Opcode ID: 465a89dcde60ae84590ccfd879acf4098c543317fc5e229321c0cbe33179f5a3
                      • Instruction ID: 44695fe8a8d0d5329617280ce6c6c71babb038c63bb60a65c986745400cdefc7
                      • Opcode Fuzzy Hash: 465a89dcde60ae84590ccfd879acf4098c543317fc5e229321c0cbe33179f5a3
                      • Instruction Fuzzy Hash: 14C1F673B0964682EE248B39D44027867E1EF85B95F5C8636CE1DA77D4EE3CE482DB00
                      Strings
                      • Histogram.BadConstructionArguments, xrefs: 00007FF65CF2FCF2
                      • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00007FF65CF2FCC0
                      • Blink.UseCounter, xrefs: 00007FF65CF2FC2B
                      • Histogram.TooManyBuckets.1000, xrefs: 00007FF65CF2FC1F
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.TooManyBuckets.1000
                      • API String ID: 0-996207520
                      • Opcode ID: d01a589d282834340cc9ba688222b94b73c2717647cafaac592f80899f5ba512
                      • Instruction ID: 51eb2c09433ab431e200f0fc68dceb5dc0350c40c91103b4535e4ba3e7857aba
                      • Opcode Fuzzy Hash: d01a589d282834340cc9ba688222b94b73c2717647cafaac592f80899f5ba512
                      • Instruction Fuzzy Hash: 3891EF27E2D79292E710DB35AC643BA7394EF48384F598131DE5DA3791EE3CE5868B00
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b619f577dffa74d7eaa90b9637bc6f56324efcd16269f9ee269f6eec7d79ce19
                      • Instruction ID: 9c07d723bfc3a60ee58bf87bb1a26bab7d85d72c1924f880beaa2085ac994bfe
                      • Opcode Fuzzy Hash: b619f577dffa74d7eaa90b9637bc6f56324efcd16269f9ee269f6eec7d79ce19
                      • Instruction Fuzzy Hash: 40618532E2D96285FA509B35F9406792350EF84BA0F9C5231CB2DB77E4EE2CE5C68340
                      Strings
                      Similarity
                      • API ID:
                      • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\trace_writer_impl.cc$PERFETTO_CHECK(cur_packet_->is_finalized())
                      • API String ID: 0-1305856970
                      • Opcode ID: 3a2582968a10d8a9949788a6502a74d1e9a5481484bfdef9be61b6a3f383584c
                      • Instruction ID: 49d32d02c64472aa6c3cea4af0d06cc21fe8756bf4b67dfa1bf935063bc86371
                      • Opcode Fuzzy Hash: 3a2582968a10d8a9949788a6502a74d1e9a5481484bfdef9be61b6a3f383584c
                      • Instruction Fuzzy Hash: 0BA1C733A09B8582EA24CF25E445379B7A0FB94B94F085235EB8D67BA5DF3CE495C700
                      Strings
                      Similarity
                      • API ID:
                      • String ID: Micr$osof$t Hv
                      • API String ID: 0-2053847325
                      • Opcode ID: 72b4b66b7b890905271de2bc2675f5de0ad84b5dc0b511fa7083f481326fd148
                      • Instruction ID: 2df28c6439dfb45ae69376ab84541c701dd2b322e92d57bbdc072f3f2b6ebfd4
                      • Opcode Fuzzy Hash: 72b4b66b7b890905271de2bc2675f5de0ad84b5dc0b511fa7083f481326fd148
                      • Instruction Fuzzy Hash: 8E4108B3F1D2964BE78B862C50026AD0A554331388F29417ADD4AEF382DC6DEB49C3C2
                      Strings
                      • ..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF65CF46C88
                      • ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF65CF46C67
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                      • API String ID: 0-3440194742
                      • Opcode ID: cec4bdbd4d118d749ec94f25885ef23e5afda5ada8f5854c96b96c266b80814d
                      • Instruction ID: cb98fa00460a290cea857086804b0883f35db4a70dfa76824cc8f35bd17cc5c9
                      • Opcode Fuzzy Hash: cec4bdbd4d118d749ec94f25885ef23e5afda5ada8f5854c96b96c266b80814d
                      • Instruction Fuzzy Hash: 22120463B1DA9281EA158B31968437D2760EF01BE4F589232DEEEA77D4DE3CE546C300
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 44b6302aede2dd13ff882eb9c1be377701c721944b08f923b62188f15a2c4496
                      • Instruction ID: a4f9b9c2d86d6d0771182f7f0c9672237263eaacb6d994d81fdcb9518171d329
                      • Opcode Fuzzy Hash: 44b6302aede2dd13ff882eb9c1be377701c721944b08f923b62188f15a2c4496
                      • Instruction Fuzzy Hash: 11324C770B46004BD31FCE2ED99158AB292F784AA2709F238FE57C7B54E67CEE158604
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 00175c45f5eab2b49f7c0eefe795a65330b0dd21f30b0ce64b62f0a037898830
                      • Instruction ID: bfa7cfa1384b817e1a96538eb9ba8a5aa4ebda365c22093a68051721a04569db
                      • Opcode Fuzzy Hash: 00175c45f5eab2b49f7c0eefe795a65330b0dd21f30b0ce64b62f0a037898830
                      • Instruction Fuzzy Hash: 9FA1BBD3F8126D43DD088FA5A8628B99B06B758FD4708B233DE0E5B799ED3CD596C204
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6bf49100dd6becf469f74a73bc109d56aa818309d1dc2393a8c926634320592c
                      • Instruction ID: 7b0440b1d68a4dc182d6b6a935c2b5471486982e14f661389055fbc036b6bc78
                      • Opcode Fuzzy Hash: 6bf49100dd6becf469f74a73bc109d56aa818309d1dc2393a8c926634320592c
                      • Instruction Fuzzy Hash: 0C412363F199F245F625C971A510239AE616B01BD4F5A8536CD9FB37D4CE7CAC438340
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 784be3232f89aeafee8c9aea57235adf499e31735a9a434dc43fab10a48f506a
                      • Instruction ID: 8c20b90cf9917e3f3fb50b666c6cd8925f41e1498b02e3b68175a78015ea6b16
                      • Opcode Fuzzy Hash: 784be3232f89aeafee8c9aea57235adf499e31735a9a434dc43fab10a48f506a
                      • Instruction Fuzzy Hash: 4841B463718A5586EF44CF2AE914169B391BB88FD0F099032EE0DE7B54EF3CD4418300
                      APIs
                      Strings
                      Similarity
                      • API ID: HandleModule
                      • String ID: NtAllocateVirtualMemory$NtClose$NtCreateFile$NtCreateSection$NtDuplicateObject$NtFreeVirtualMemory$NtMapViewOfSection$NtOpenProcessTokenEx$NtOpenThread$NtProtectVirtualMemory$NtQueryAttributesFile$NtQueryFullAttributesFile$NtQueryInformationProcess$NtQueryObject$NtQuerySection$NtQueryVirtualMemory$NtSetInformationFile$NtSignalAndWaitForSingleObject$NtUnmapViewOfSection$NtWaitForSingleObject$RtlAllocateHeap$RtlAnsiStringToUnicodeString$RtlCompareUnicodeString$RtlCreateHeap$RtlDestroyHeap$RtlFreeHeap$RtlNtStatusToDosError$_strnicmp$memcpy$ntdll.dll$strlen$wcslen
                      • API String ID: 4139908857-3460877470
                      • Opcode ID: 78f11dc8df2ff6899cb54660b4d255f40e6cdaa565f523ff77fc324882e58bd3
                      • Instruction ID: 8c94bb88140379badf7aa6bbfbf28429bba22261bb35b0f361daee490bb33379
                      • Opcode Fuzzy Hash: 78f11dc8df2ff6899cb54660b4d255f40e6cdaa565f523ff77fc324882e58bd3
                      • Instruction Fuzzy Hash: AF811E25A0DA27A0FA15DF25F4550BA33A1FF85B84F484136C84DFB7A5FF2CA10A8381
                      APIs
                      Strings
                      • N, xrefs: 00007FF65CFE93A5
                      • START, xrefs: 00007FF65CFE9229
                      • AttemptToNotifyRunningChrome:Error RemoteDied, xrefs: 00007FF65CFE9545
                      • AttemptToNotifyRunningChrome, xrefs: 00007FF65CFE95CB
                      • AttemptToNotifyRunningChrome:GetWindowThreadProcessId failed, xrefs: 00007FF65CFE9622
                      • source-shortcut, xrefs: 00007FF65CFE91FD
                      • AttemptToNotifyRunningChrome:GetCurrentDirectory failed, xrefs: 00007FF65CFE9689
                      • AttemptToNotifyRunningChrome:Error SendFailed, xrefs: 00007FF65CFE9551
                      • ..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF65CFE9592
                      • ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF65CFE957F
                      • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00007FF65CFE9653
                      • AttemptToNotifyRunningChrome:Error RemoteHung, xrefs: 00007FF65CFE96E0
                      • AttemptToNotifyRunningChrome:SendMessage, xrefs: 00007FF65CFE96B6
                      Similarity
                      • API ID: ErrorInfoLastStartup
                      • String ID: N$..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$AttemptToNotifyRunningChrome$AttemptToNotifyRunningChrome:Error RemoteDied$AttemptToNotifyRunningChrome:Error RemoteHung$AttemptToNotifyRunningChrome:Error SendFailed$AttemptToNotifyRunningChrome:GetCurrentDirectory failed$AttemptToNotifyRunningChrome:GetWindowThreadProcessId failed$AttemptToNotifyRunningChrome:SendMessage$START$source-shortcut
                      • API String ID: 2260939616-2789412798
                      • Opcode ID: 03e7935f68690a07277458f4661d54d75aacb44f4bb4fbcd6f5fe8b00926e69e
                      • Instruction ID: 631ec2b8ddbdb3da40edc6c93d3169fc7bbcbcd5c5d95f10a3779c69b4682a22
                      • Opcode Fuzzy Hash: 03e7935f68690a07277458f4661d54d75aacb44f4bb4fbcd6f5fe8b00926e69e
                      • Instruction Fuzzy Hash: 00F14B72A0CB8295EA618F24E4503FA77A0FF85784F484035DACCA7695EF7DE289C750
                      APIs
                      Strings
                      • ..\..\third_party\libc++\src\include\optional:801: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00007FF65CF31128
                      • <, xrefs: 00007FF65CF3108D
                      Similarity
                      • API ID: ExclusiveLock$AcquireErrorLast$Release$CounterPerformanceQuery
                      • String ID: ..\..\third_party\libc++\src\include\optional:801: assertion this->has_value() failed: optional operator* called on a disengaged value$<
                      • API String ID: 593636287-161334329
                      • Opcode ID: 034309aed67dabc186066d97b69357c885715cd4913f6d0561a3258869a4a931
                      • Instruction ID: 26fd66241908f121aa6125afc0db67e6cf36422429c8ac356c6982bcc17401e6
                      • Opcode Fuzzy Hash: 034309aed67dabc186066d97b69357c885715cd4913f6d0561a3258869a4a931
                      • Instruction Fuzzy Hash: 03C19D23A0CA4695EA659F31EA1037967A1EF44F94F4D8532DA4EB72D1EF3CE085C302
                      Strings
                      • kernel32.dll, xrefs: 00007FF65CE86111
                      • ..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF65CE86275
                      • ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF65CE85EA4, 00007FF65CE86262
                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:223: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF65CE85EE7
                      • SetUnhandledExceptionFilter, xrefs: 00007FF65CE86127
                      • /prefetch:7, xrefs: 00007FF65CE8602B
                      • database, xrefs: 00007FF65CE86065
                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF65CE861BE
                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF65CE85EB7
                      Similarity
                      • API ID:
                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__string\char_traits.h:223: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$/prefetch:7$SetUnhandledExceptionFilter$database$kernel32.dll
                      • API String ID: 0-1004627178
                      • Opcode ID: 27c5cc368303fd61b84a4a5d2c209c453e2faba06af4309f60d9ccaa8db42774
                      • Instruction ID: 93911a5edea665fa0fee23f3f067c56d0b39c41c7ae3c92b67799a32f18afa7f
                      • Opcode Fuzzy Hash: 27c5cc368303fd61b84a4a5d2c209c453e2faba06af4309f60d9ccaa8db42774
                      • Instruction Fuzzy Hash: E5C18E23A0DB9281FA20DB20E8507BA7761FF95784F485131DA8CA7696EF7CE195C700
                      APIs
                      Strings
                      Similarity
                      • API ID: CurrentThread$CompletionEventPostQueuedStatus
                      • String ID: Chrome.MessageLoopProblem.COMPLETION_POST_ERROR$Chrome.MessageLoopProblem.MESSAGE_POST_ERROR$I$ScheduleWork$ScheduleWorkToSelf$WaitableEvent::Signal
                      • API String ID: 3823919964-1721350857
                      • Opcode ID: 6ededed708126604c98abe3ac553859a00d85f128267dab595dd2483fa1269e5
                      • Instruction ID: 6d153f915e50dda8dca0c77ccdd875b0406b300adeed6091ceab2f0eeadb8a40
                      • Opcode Fuzzy Hash: 6ededed708126604c98abe3ac553859a00d85f128267dab595dd2483fa1269e5
                      • Instruction Fuzzy Hash: 1F819F22A0CB8291EA208F21E4543BE77A0EF55784F584036DBCDA77A5EF3DE189D700
                      APIs
                      Strings
                      Similarity
                      • API ID: ErrorLast$AddressHandleModuleProc
                      • String ID: GetHandleVerifier
                      • API String ID: 1762409328-1090674830
                      • Opcode ID: f9c7010d30e60c89399790edff3b3f5ff8582e0fef8b24a14fc018052080393a
                      • Instruction ID: 126c68c21246cd270144e04aa51995fa50284e8e8eb779d4b6dd93235ddeab29
                      • Opcode Fuzzy Hash: f9c7010d30e60c89399790edff3b3f5ff8582e0fef8b24a14fc018052080393a
                      • Instruction Fuzzy Hash: 0E51F922A0D7169AFA649F75E85A33963A1FF84B40F484435DA4EF73D0EF7CE4899600
                      APIs
                      Strings
                      Similarity
                      • API ID: ErrorLast$CurrentHandleProcess$AddressDuplicateModuleProc
                      • String ID: GetHandleVerifier
                      • API String ID: 2392487275-1090674830
                      • Opcode ID: d6df8ee02c09e7b5f8bc7958e94c42fcb584979bc6bbc27e10dad20ab59de5c1
                      • Instruction ID: ef4fb6ca4b20aec332aade54624335a56aa4ef4aeb3e1d10f4f77136d7b0ed12
                      • Opcode Fuzzy Hash: d6df8ee02c09e7b5f8bc7958e94c42fcb584979bc6bbc27e10dad20ab59de5c1
                      • Instruction Fuzzy Hash: 34313D32A0DB1285EB149F35E85933A67B1BF84B80F584435E94EF73E0EE7DE4499A00
                      APIs
                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6B337), ref: 00007FF65CF3E34C
                      • WakeAllConditionVariable.KERNEL32(?,?,?,?,00007FF65CE6B337), ref: 00007FF65CF3E35E
                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6B337), ref: 00007FF65CF3E367
                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6B337), ref: 00007FF65CF3E370
                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6B337), ref: 00007FF65CF3E39C
                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6B337), ref: 00007FF65CF3E3F9
                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6B337), ref: 00007FF65CF3E413
                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF65CE6B337), ref: 00007FF65CF3E45B
                      Similarity
                      • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                      • String ID:
                      • API String ID: 2824607059-0
                      • Opcode ID: 34ee287560547f2182a28a4757692d06b8c7454a78b4851c8e7719e922c1bf77
                      • Instruction ID: 837473def5669aefb0f1af2211409b548e2c56112e4e03fd3d3df97fd12eec1f
                      • Opcode Fuzzy Hash: 34ee287560547f2182a28a4757692d06b8c7454a78b4851c8e7719e922c1bf77
                      • Instruction Fuzzy Hash: D3818F27A0D64696EB959F35E8103792360FF44F95F5C4432EE0EAB7D0EE3DE8458212
                      APIs
                      Similarity
                      • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                      • String ID:
                      • API String ID: 2824607059-0
                      • Opcode ID: fc9e439c082eb9fac149d02f42fa2b5e53d539408161afa01f2720b4e9ae3f57
                      • Instruction ID: b18c05ada335953fa4e23a6afdfdf6707af4699bfce8fb0f4977ff3a69142ce7
                      • Opcode Fuzzy Hash: fc9e439c082eb9fac149d02f42fa2b5e53d539408161afa01f2720b4e9ae3f57
                      • Instruction Fuzzy Hash: 1551C723A0E6E682EA55DF25980423923A1FF54B46F4C4831DD0FB66D2EE3DE457E380
                      Strings
                      Similarity
                      • API ID:
                      • String ID: %08x-%04x-%04x-%04x-%012llx$..\..\base\files\file_util_win.cc$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$CreateAndOpenTemporaryFileInDir$ScopedBlockingCall
                      • API String ID: 0-577886094
                      • Opcode ID: 19574127befc2c4eed08a4f557e4ebf55bced90185eb41a096cd7e5cf437873a
                      • Instruction ID: e6fe3e28831170aaf0732b47d5208c91408d6de43faedfb3fab6ff5e48a98023
                      • Opcode Fuzzy Hash: 19574127befc2c4eed08a4f557e4ebf55bced90185eb41a096cd7e5cf437873a
                      • Instruction Fuzzy Hash: 7CE17133A0DAD185EA228B25E5403BEA3A0FF84794F085531DA9DA7B96DF3CE195D700
                      APIs
                      Strings
                      Similarity
                      • API ID: ExclusiveLock$Acquire$Release
                      • String ID: ..\..\base\task\sequence_manager\work_tracker.cc$E$ScopedAllowBaseSyncPrimitivesOutsideBlockingScope$WaitNoSyncWork
                      • API String ID: 1678258262-2415033031
                      • Opcode ID: 2c299f0e86dceec5857244c8bfdb6f2e66909a770eeaafc41ea59e1673926068
                      • Instruction ID: e75e04147b01c448f5a49475e40ddc047ca57ab04de0529616b5fa7ed039976b
                      • Opcode Fuzzy Hash: 2c299f0e86dceec5857244c8bfdb6f2e66909a770eeaafc41ea59e1673926068
                      • Instruction Fuzzy Hash: 4651A43261CB8581EA61CF25F4503BA73A0FB85794F584132DA9DA7795EF3CE08AC700
                      APIs
                      • CreateThread.KERNEL32(?,?,?,?,?,-7FFFFFFFFFFFFFFF,002252D2,?,000003E8,00224F4E,?,?,?,00007FF65CFE2C07), ref: 00007FF65CE7E89A
                      • CloseHandle.KERNEL32(?,?,?,?,-7FFFFFFFFFFFFFFF,002252D2,?,000003E8,00224F4E,?,?,?,00007FF65CFE2C07), ref: 00007FF65CE7E8D9
                      • GetLastError.KERNEL32(?,?,?,?,-7FFFFFFFFFFFFFFF,002252D2,?,000003E8,00224F4E,?,?,?,00007FF65CFE2C07), ref: 00007FF65CE7E8E1
                      Strings
                      • ..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF65CE7E9D8
                      • ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF65CE7E9C5
                      • create_thread_last_error, xrefs: 00007FF65CE7E9FD
                      Similarity
                      • API ID: CloseCreateErrorHandleLastThread
                      • String ID: ..\..\third_party\libc++\src\include\string_view:314: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:316: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$create_thread_last_error
                      • API String ID: 747004058-2499615631
                      • Opcode ID: 4bab438a25e04e5d125a0ddae982462b73dcd5872093bd898199d0b7d0df2f14
                      • Instruction ID: a568023f66dbcfceec5c2976fce666a050dcebdba86c98079349c945ff38fbe2
                      • Opcode Fuzzy Hash: 4bab438a25e04e5d125a0ddae982462b73dcd5872093bd898199d0b7d0df2f14
                      • Instruction Fuzzy Hash: 88516E23A0CAA685FA55AB31A84027967A0AF44B94F4C1431D95EF77D6EE3CE489D300
                      APIs
                      • GetCurrentThread.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF65CE7028D), ref: 00007FF65CE70390
                      • LocalFree.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF65CE7028D), ref: 00007FF65CE703D7
                      • GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF65CE7028D), ref: 00007FF65CE70420
                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF65CE7028D), ref: 00007FF65CE70430
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: AddressCurrentFreeHandleLocalModuleProcThread
                      • String ID: GetThreadDescription$Kernel32.dll
                      • API String ID: 4205643583-415897907
                      • Opcode ID: cdb160c8b2571d6401851d8a7d5c7342abe02820ae1831e65dbc137a5547d594
                      • Instruction ID: 091f61a508b49435620fa1bb7ada0da7c301939a7011588aa4cdcbae83c76128
                      • Opcode Fuzzy Hash: cdb160c8b2571d6401851d8a7d5c7342abe02820ae1831e65dbc137a5547d594
                      • Instruction Fuzzy Hash: CA314F32A0C69291EA11DF25E85427E23A1EF84B94F5C0131D90DF7BA9EE3DE489D700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: ExclusiveLock$AcquireRelease
                      • String ID: first
                      • API String ID: 17069307-2456940119
                      • Opcode ID: 2254b01bf17957858b86961fcb715fd54d9e0bd71b70783176793a32cfffaa4b
                      • Instruction ID: 97df3705861a1096e6a1a8b02dcfac8f8d994ebbbd90333506377e1962e593dd
                      • Opcode Fuzzy Hash: 2254b01bf17957858b86961fcb715fd54d9e0bd71b70783176793a32cfffaa4b
                      • Instruction Fuzzy Hash: EAB120A3A08A8286EA598F79D4053BE27A0FF50B84F5C8031DE0DA33D0EE3CE552D340
                      APIs
                      • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,00007FF65CE6102C), ref: 00007FF65CE61215
                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00007FF65CE6102C), ref: 00007FF65CE61220
                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00007FF65CE6102C), ref: 00007FF65CE613B3
                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00007FF65CE6102C), ref: 00007FF65CE6158A
                      Strings
                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF65CE6159C
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: ExclusiveLock$Acquire$CurrentReleaseThread
                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                      • API String ID: 1385397084-2888085009
                      • Opcode ID: d30f2c121451b06519044a158c524d6a964a444c2b16faa69797c1c663c80cb2
                      • Instruction ID: c74c7c82a1cc3396d8502e41d55a6351e312b2be06425b7befc061fedfe9a309
                      • Opcode Fuzzy Hash: d30f2c121451b06519044a158c524d6a964a444c2b16faa69797c1c663c80cb2
                      • Instruction Fuzzy Hash: 78B16D23A19BA281EE21DB26E84427967A0FB48B84F494536DF4EB7791DF3CE085C300
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: File$Create$CurrentDirectoryModuleName
                      • String ID: debug.log
                      • API String ID: 4120427848-600467936
                      • Opcode ID: 867a360df2c90215d847d937187775c1e6a66534af5c2e96fe8725a046afaf9b
                      • Instruction ID: 9be8a17854db6cfa6569ddd407426b15fd3fe341a9239694e221ff7810448b1d
                      • Opcode Fuzzy Hash: 867a360df2c90215d847d937187775c1e6a66534af5c2e96fe8725a046afaf9b
                      • Instruction Fuzzy Hash: E151B072A1CA4B81FA509F21E95437D27A0FF81B94F085235DA5DAB7E1EF7DE0888340
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: FreeVirtual$AcquireErrorExclusiveLastLock
                      • String ID: bitset reset argument out of range
                      • API String ID: 2644420941-1934458321
                      • Opcode ID: 0bcd0a26f133d25884d9a095920a3eafacdcc496ebaf9a1143231cdc43449e05
                      • Instruction ID: f76c9051820410b0d112d652313612da61c108695db667cab2624797aebf8c2d
                      • Opcode Fuzzy Hash: 0bcd0a26f133d25884d9a095920a3eafacdcc496ebaf9a1143231cdc43449e05
                      • Instruction Fuzzy Hash: 7841D363F18A5542EA588B26B9453B96261EF54BE1F284234DF6EA77D0EF3CD192C300
                      APIs
                      Strings
                      • ..\..\third_party\libc++\src\include\array:234: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00007FF65CE6180C
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: ExclusiveLock$Acquire$Release
                      • String ID: ..\..\third_party\libc++\src\include\array:234: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                      • API String ID: 1678258262-2696940747
                      • Opcode ID: 5af2dcfbf4b4f4803ff9119845adfd4b8847bfd8724ffe26b338eda55d38cc02
                      • Instruction ID: 0b090ddc86ee85c64f60b711213aabcf6fdfeae38fdb9880ae9d348faf9977ed
                      • Opcode Fuzzy Hash: 5af2dcfbf4b4f4803ff9119845adfd4b8847bfd8724ffe26b338eda55d38cc02
                      • Instruction Fuzzy Hash: BB41A417B2EB6191EE568B31A9046BDA761BB96B80F4C4435DF0EB7381DF2CB495C300
                      APIs
                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65CE81FC0), ref: 00007FF65CE821CD
                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65CE81FC0), ref: 00007FF65CE82204
                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65CE81FC0), ref: 00007FF65CE822DC
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: ExclusiveLock$Acquire$Release
                      • String ID: ..\..\base\threading\thread.cc$StopSoon
                      • API String ID: 1678258262-4240870308
                      • Opcode ID: 19efc6ed2eb7d9febef10cabf241eaf7976c2512957cfae755809c637d2ecfa1
                      • Instruction ID: 7ff5bc385066100660cc87802cd77464c9da032097b9719cebf00058928ad759
                      • Opcode Fuzzy Hash: 19efc6ed2eb7d9febef10cabf241eaf7976c2512957cfae755809c637d2ecfa1
                      • Instruction Fuzzy Hash: A5418932A09B5681EB109F65E8406A973A4FF88BD4F5C4032DA4EB77A4EF3DE456C340
                      APIs
                      Strings
                      • ..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector, xrefs: 00007FF65CE7B0D4
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: ExclusiveLock$Acquire$CounterPerformanceQueryRelease
                      • String ID: ..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector
                      • API String ID: 743314926-3459903379
                      • Opcode ID: a93a16fcd606cbc01555dbbc35c4c5bec256cfd4bfc979fa80eb4510bf9d93e2
                      • Instruction ID: d21d9df4f55e8e0828f97a9959b27421ffffd845224864e15d7c3ddcf4879676
                      • Opcode Fuzzy Hash: a93a16fcd606cbc01555dbbc35c4c5bec256cfd4bfc979fa80eb4510bf9d93e2
                      • Instruction Fuzzy Hash: A0317622A0DB45C1EA608F25E45537973A1FB44BD0F481032DA5EA77A1DF7CE589D301
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: AddressFreeHandleLibraryModuleProc
                      • String ID: CorExitProcess$mscoree.dll
                      • API String ID: 4061214504-1276376045
                      • Opcode ID: 9c61b0b0b7db23356b8042a8e4676720a79ec942e3b313cffced336c934c37f5
                      • Instruction ID: b2c12dde8612553e5e5eb96e4931f06882ed58c56b95d4798b5ed3413c24d68e
                      • Opcode Fuzzy Hash: 9c61b0b0b7db23356b8042a8e4676720a79ec942e3b313cffced336c934c37f5
                      • Instruction Fuzzy Hash: 8DF06262A1DB0291EF248F34E8543396360EF897A1F5C0239CA6DDA1F4EF6CD088C700
                      APIs
                      Strings
                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:223: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF65CF4601C
                      • ..\..\third_party\libc++\src\include\optional:806: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00007FF65CF46193
                      • SharedMemoryTracker, xrefs: 00007FF65CF46155
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: FileUnmapView
                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:223: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\optional:806: assertion this->has_value() failed: optional operator* called on a disengaged value$SharedMemoryTracker
                      • API String ID: 2564024751-4112981607
                      • Opcode ID: be2d86d52fe6bbed919d866333cd2d8efab87210827950921ff22850daddc17a
                      • Instruction ID: f9eb2d3b856d97bad6cf1494be1b9121353acda319251fdaa0b508a608ae6d70
                      • Opcode Fuzzy Hash: be2d86d52fe6bbed919d866333cd2d8efab87210827950921ff22850daddc17a
                      • Instruction Fuzzy Hash: 1E719063A0DA4695EE10DB35E9843B96360FF40BA4F480631DA9DA77E1EF7CE589C301
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: CounterPerformanceQuery$Sleep
                      • String ID: NO"
                      • API String ID: 2073334151-667184118
                      • Opcode ID: 582d49afa5222c7b62b9861954c9ac8561357cde60e04016753f3b93acc7ed49
                      • Instruction ID: 4ff596c3c4a669015359bd6050d4ca540b7531b4b1a40e1fc14afba600aa9bf0
                      • Opcode Fuzzy Hash: 582d49afa5222c7b62b9861954c9ac8561357cde60e04016753f3b93acc7ed49
                      • Instruction Fuzzy Hash: 3D416B32B29B5680EA648B36F95163963A5FB857A4F481132DE4DA7BA0DF7CE0858600
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: AddressLibraryLoadProc
                      • String ID: ProcessPrng$bcryptprimitives.dll
                      • API String ID: 2574300362-2667675608
                      • Opcode ID: 0f43f3598defc3952e4b0d1fe87448a57cca6582ab3610a574d553c0514905b3
                      • Instruction ID: 9680204f919f142ad778b576746329bbf70c988ba505967b4ee807c1b3b3277d
                      • Opcode Fuzzy Hash: 0f43f3598defc3952e4b0d1fe87448a57cca6582ab3610a574d553c0514905b3
                      • Instruction Fuzzy Hash: AB419C22E1CA9281FA109B35F8412B96760FF95B94F585132DE4CA77E4EF3CE5CA8700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ff65ce60000_onestart.jbxd
                      Similarity
                      • API ID: CurrentDirectory
                      • String ID: ..\..\base\files\file_util_win.cc$GetCurrentDirectoryW$ScopedBlockingCall
                      • API String ID: 1611563598-3482229333
                      • Opcode ID: 7cd6531206a67f9f7413a248a8ab430cf65669d68b85df30fa3e1bb415dd25cb
                      • Instruction ID: 4833837eb68e3e03c0a82ee65c42d51389069e88ca7b07bcdddaacd8c8aa1618
                      • Opcode Fuzzy Hash: 7cd6531206a67f9f7413a248a8ab430cf65669d68b85df30fa3e1bb415dd25cb
                      • Instruction Fuzzy Hash: 36418E22A1CB8290FB219F35F4547EEA760FF81784F485031EA8DA7695EE7CE189C700
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2100605523.00007FF65CE61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65CE60000, based on PE: true
                      Similarity
                      • API ID: ExclusiveLock$AcquireRelease
                      • String ID: bitset set argument out of range$bitset test argument out of range
                      • API String ID: 17069307-1976194836
                      APIs
                      Strings
                      Similarity
                      • API ID: AddressErrorHandleLastModuleProc
                      • String ID: GetHandleVerifier
                      • API String ID: 4275029093-1090674830
                      APIs
                      Strings
                      Similarity
                      • API ID: ExclusiveLock$AcquireRelease
                      • String ID: bitset set argument out of range$bitset test argument out of range
                      • API String ID: 17069307-1976194836
                      APIs
                      Similarity
                      • API ID: ErrorLast
                      • String ID:
                      • API String ID: 1452528299-0
                      APIs
                      • TryAcquireSRWLockExclusive.KERNEL32(?,00000001,000000C0,00007FF65CF11741), ref: 00007FF65CF1181A
                      • AcquireSRWLockExclusive.KERNEL32(?,00000001,000000C0,00007FF65CF11741), ref: 00007FF65CF11908
                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF65CFC533D
                      Similarity
                      • API ID: AcquireExclusiveLock
                      • String ID:
                      • API String ID: 4021432409-0
                      APIs
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      APIs
                      Strings
                      Similarity
                      • API ID: ExclusiveLock$AcquireRelease
                      • String ID: first
                      • API String ID: 17069307-2456940119
                      APIs
                      Strings
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID: (
                      • API String ID: 1726664587-3887548279
                      APIs
                      Strings
                      • ..\..\third_party\libc++\src\include\array:234: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00007FF65CE61935
                      Similarity
                      • API ID: AcquireExclusiveLock
                      • String ID: ..\..\third_party\libc++\src\include\array:234: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                      • API String ID: 4021432409-2696940747
                      APIs
                      • RtlPcToFileHeader.KERNEL32(00007FF65CF8C607,?,?,?,?,00007FF65CF8A52B), ref: 00007FF65CF8D48C
                      • RaiseException.KERNEL32(00007FF65CF8C607,?,?,?,?,00007FF65CF8A52B), ref: 00007FF65CF8D4CD
                      Strings
                      Similarity
                      • API ID: ExceptionFileHeaderRaise
                      • String ID: csm
                      • API String ID: 2573137834-1018135373
                      APIs
                      Strings
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: GetHandleVerifier
                      • API String ID: 1646373207-1090674830
                      APIs
                      Strings
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: GetHandleVerifier
                      • API String ID: 1646373207-1090674830
                      APIs
                      • GetModuleHandleW.KERNEL32(?,?,?,?,00007FF65CF08F83,?,?,?,00000000,00007FF65CE61EA3), ref: 00007FF65CE6FD02
                      • GetProcAddress.KERNEL32(?,?,?,?,00007FF65CF08F83,?,?,?,00000000,00007FF65CE61EA3), ref: 00007FF65CE6FD12
                      Strings
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: GetHandleVerifier
                      • API String ID: 1646373207-1090674830
                      APIs
                      Strings
                      Similarity
                      • API ID: __std_exception_destroy
                      • String ID: Bad variant access$bad_variant_access.cc
                      • API String ID: 2453523683-4004146108