Windows Analysis Report
SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe

Overview

General Information

Sample name: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Analysis ID: 1428529
MD5: 8248611347661c3ea4f8e27335cd1700
SHA1: 91e8b00f747f551edc43da93586f555cb98bb28d
SHA256: 59f4ae1f38b93b1303c37894f8bce134d2f75e6404bee7509a97b951c824b5bd
Tags: exe
Infos:

Detection

Score: 19
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Tries to harvest and steal browser information (history, passwords, etc)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Enables security privileges
Found evasive API chain (date check)
Found potential string decryption / allocating functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Static PE information: certificate valid
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: H:\Projects\FoneTool\tools\ftinst\build\.build_static_x86_vc14.1_xp\RelWithDebInfo\ftinst.pdb source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Code function: 0_2_00B6D7E0 FindFirstFileA,FindClose,FindNextFileA,FindClose,GetLastError,RemoveDirectoryA,0_2_00B6D7E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Code function: 0_2_00A48BE0 OpenMutexW,CreateMutexW,WaitForSingleObject,FindFirstFileA,FindClose,DeleteFileA,ReleaseMutex,ReleaseMutex,CloseHandle,CloseHandle,ReleaseMutex,CloseHandle,__Init_thread_footer,GetModuleFileNameA,_strrchr,__Init_thread_footer,0_2_00A48BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Code function: 0_2_00B9B140 InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetSetOptionA,SetLastError,HttpQueryInfoA,HttpQueryInfoA,HttpQueryInfoA,HttpQueryInfoA,InternetReadFile,InternetReadFile,GetLastError,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_00B9B140
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/es/campaign/thanks-install.html?edition=onFreer
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/es/campaign/uninstall-completed.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/es/campaign/uninstall-completed.html6~
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/es/campaign/upgrade-now.html?source=
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/fo
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/fr
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/fr/
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/fr/campaign/download-latest-version.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/fr/campaign/thanks-install.html?edition=off%s
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/fr/campaign/thanks-install.html?edition=onFree
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/fr/campaign/thanks-install.html?edition=onFreeuy
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/fr/campaign/uninstall-completed.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/fr/campaign/uninstall-completed.htmli~
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/fr/campaign/upgrade-now.html?source=
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.fonetool.com/fr/ux-improvement-program.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/it
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/it/
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/it/B
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/it/campaign/download-latest-version.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/it/campaign/download-latest-version.htmlV
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/it/campaign/thanks-install.html?edition=off%s
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/it/campaign/thanks-install.html?edition=onFree
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/it/campaign/thanks-install.html?edition=onFreej
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/it/campaign/uninstall-c
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/it/campaign/uninstall-completed.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/it/campaign/upgrade-now.html?source=
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/jp
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/jp/
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/jp/E
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/jp/campaign/download-latest-version.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/jp/campaign/thanks-install.html?edition=off%s
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/jp/campaign/thanks-install.html?edition=onFree
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/jp/campaign/thanks-install.html?edition=onFreeN
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/jp/campaign/thanks-install.html?edition=onFreey
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/jp/campaign/uninstall-completed.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/jp/campaign/uninstall-completed.htmlH
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/jp/campaign/upgrade-now.html?source=
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/jp/d
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.fonetool.com/jp/ux-improvement-program.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/tw
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/tw/
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/tw/campaign/download-latest-version.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/tw/campaign/thanks-install.html?edition=off%s
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/tw/campaign/thanks-install.html?edition=onFree
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/tw/campaign/uninstall-completed.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/tw/campaign/upgrade-now.html?source=
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.fonetool.com/tw/ux-improvement-program.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/twO
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/twlf.
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com/ux-improvement-program.html
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.com4
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fonetool.comd
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exe
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeGa
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeN
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeR
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeZa9
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeax/
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/FoneTool_free.execa
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exer
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.ini
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniEx
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniJx
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniUa6
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniW
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.inii
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.inij
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.inim
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniub
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010AE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinesetup.ini
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/ftl/ftonlinesetup.inihttps://www2.aomeisoftware.com/download
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www2.aomeisoftware.com/download/mbackup/configinfo/Config/MBUpgrade.json
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/mbackup/configinfo/Config/MBUpgrade.jsonuy
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www2.aomeisoftware.com/download/mbackup/setups/FoneTool_free.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Process token adjusted: Security
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Code function: String function: 00CEB8E0 appears 35 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Code function: String function: 00C5020B appears 59 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Code function: String function: 00A6A250 appears 61 times
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameFoneTool Installer.exeF vs SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000000.1657879012.0000000000EFB000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameFoneTool Installer.exeF vs SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Binary or memory string: OriginalFilenameFoneTool Installer.exeF vs SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Static PE information: Section: UPX1 ZLIB complexity 0.9890678818888177
Source: classification engine Classification label: clean19.spyw.winEXE@1/5@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Mutant created: \Sessions\1\BaseNamedObjects\Guid_{FAC4F138-6147-4899-90CA-5A9F7A70EAB4}
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Mutant created: \Sessions\1\BaseNamedObjects\bipc_gmap_sem_lock_7532_13357974356.922226
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe File created: C:\Users\user\AppData\Local\Temp\97ccea83-52aa-455f-9ae6-4693882dff99.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe File read: C:\ProgramData\AomeiMB\usercfg.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE cookies set %s="%s" where %s="%s";
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE cookies set %s = "%s" where %s="%s";
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE moz_cookies set %s="%s" where %s="%s";
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: OnSetup.pl.130002Dhttps://www.fonetool.com/campaign/thanks-install.html?edition=onFree
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: OnSetup.zh_CN.130002Dhttps://www.fonetool.com/campaign/thanks-install.html?edition=onFree
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: https://www.fonetool.com/tw/campaign/thanks-install.html?edition=onFree
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeString found in binary or memory: OnSetup.zh_TW.130002Ghttps://www.fonetool.com/tw/campaign/thanks-install.html?edition=onFree
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: dbghelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: dbgcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: dwrite.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: atlthunk.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeFile written: C:\ProgramData\AomeiMB\usercfg.ini
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeStatic file information: File size 1885792 > 1048576
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeStatic PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x186200
Source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: H:\Projects\FoneTool\tools\ftinst\build\.build_static_x86_vc14.1_xp\RelWithDebInfo\ftinst.pdb source: SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00CEB429 push ecx; ret 0_2_00CEB43C
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00CEB926 push ecx; ret 0_2_00CEB939
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00A4D710 GetPrivateProfileStringA,0_2_00A4D710
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00A4DD90 GetPrivateProfileStringA,0_2_00A4DD90
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-54988
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00B6D7E0 FindFirstFileA,FindClose,FindNextFileA,FindClose,GetLastError,RemoveDirectoryA,0_2_00B6D7E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00A48BE0 OpenMutexW,CreateMutexW,WaitForSingleObject,FindFirstFileA,FindClose,DeleteFileA,ReleaseMutex,ReleaseMutex,CloseHandle,CloseHandle,ReleaseMutex,CloseHandle,__Init_thread_footer,GetModuleFileNameA,_strrchr,__Init_thread_footer,0_2_00A48BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00A410A0 GetSystemInfo,0_2_00A410A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00D17C49 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D17C49
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00D4807D mov eax, dword ptr fs:[00000030h]0_2_00D4807D
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00B38130 ___std_exception_destroy,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_00B38130
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00CEA5C3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00CEA5C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: 0_2_00B6CF50 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateDirectoryA,0_2_00B6CF50
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,0_2_00D5178D
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00D5DAE1
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: GetLocaleInfoW,0_2_00D5E13A
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00D5E263
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: GetLocaleInfoW,0_2_00D5E36A
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00D5E437
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: GetLocaleInfoW,0_2_00D5DCB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: EnumSystemLocalesW,0_2_00D5DDC2
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: EnumSystemLocalesW,0_2_00D5DD59
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: EnumSystemLocalesW,0_2_00D50D3D
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00D5DEEA
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeCode function: EnumSystemLocalesW,0_2_00D5DE5D
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Code function: 0_2_00B6D000 GetLastError,GetLastError,__CxxThrowException@8,GetSystemTimeAsFileTime,0_2_00B6D000
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Code function: 0_2_00D536BB _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00D536BB
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetWork\Cookies
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 21 Obfuscated Files or Information | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Software Packing | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 24 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe | 8% | ReversingLabs | |
SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe | 3% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
                                                              unknown
                                                              https://www.fonetool.com/es/campaign/thanks-install.html?edition=off%swSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                http://www2.aomeisoftware.com/download/ftl/FoneTool_free.exesSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://www.fonetool.com/jp/campaign/thanks-install.html?edition=off%sSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                    unknown
                                                                    https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeGaSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://www.fonetool.com/campaign/thanks-install.html?edition=onFreeoSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://www.fonetool.com/deSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                          unknown
                                                                          https://www.fonetool.com/es/campaign/thanks-install.html?edition=off%sSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                            unknown
                                                                            http://www.carterandcone.comlSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2923930855.00000000043F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://www.fonetool.com/campaign/uninstall-completed.htmluSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                unknown
                                                                                https://www.fonetool.com/fr/campaign/thanks-install.html?edition=onFreeSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                  unknown
                                                                                  https://www.fonetool.com/it/campaign/thanks-install.html?edition=off%sSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                    unknown
                                                                                    https://www.fonetool.com/twSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                      unknown
                                                                                      https://www.fonetool.com/tw/ux-improvement-program.htmlSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                        unknown
                                                                                        http://www.jiyu-kobo.co.jp/xSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1671497734.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1671776140.0000000002ECB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          http://www.monotype.4SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1676399480.0000000002EF8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1676519881.0000000002EF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            low
                                                                                            http://www.fontbureau.com/designers/frere-user.htmlSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2923930855.00000000043F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.fonetool.com/campaign/download-latest-version.html0ySecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://www2.aomeisoftware.com/download/ftl/ftonlinefree.iniubSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.0000000001182000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  http://www.jiyu-kobo.co.jp/sSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1670920120.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1671497734.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1669578089.0000000002ECB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1671776140.0000000002ECB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://www.fonetool.com/es/campaign/thanks-install.html?edition=onFreeSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                                      unknown
                                                                                                      http://www2.aomeisoftware.com/download/mbackup/setups/FoneTool_free.exeSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                        unknown
                                                                                                        https://www.fonetool.com/fr/campaign/thanks-install.html?edition=off%sSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                                          unknown
                                                                                                          https://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeax/SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1678099416.0000000001177000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            http://www.fontbureau.com/0SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1671497734.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1671776140.0000000002ECB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.fonetool.com/tw/campaign/uninstall-completed.htmlSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                                                unknown
                                                                                                                http://www.jiyu-kobo.co.jp/jSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1670920120.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1671497734.0000000002ECD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://www.fonetool.com4SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://www.fonetool.com/it/campaign/download-latest-version.htmlVSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      http://www2.aomeisoftware.com/download/ftl/FoneTool_free.exeaSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://www.fontbureau.com/jp/SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1671776140.0000000002ECB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.fonetool.com/jp/ESecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://www.fonetool.com/twOSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000003.1658545798.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922874933.00000000010E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://www.aomeitech.com/101004SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.fonetool.com/tw/campaign/download-latest-version.htmlSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                                                                  unknown
                                                                                                                                  https://a.aomeisoftware.com/api/v2/soft/collectSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                                                                    unknown
                                                                                                                                    https://www.fonetool.com/de/campaign/thanks-install.html?edition=onFreeSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exefalse
                                                                                                                                      unknown
                                                                                                                                      http://www.fontbureau.com/designersGSecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe, 00000000.00000002.2923930855.00000000043F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        No contacted IP infos
                                                                                                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                        Analysis ID:1428529
                                                                                                                                        Start date and time:2024-04-19 06:25:07 +02:00
                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                        Overall analysis duration:0h 5m 52s
                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                        Report type:full
                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                        Number of new started processes analysed:6
                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                        Technologies:
                                                                                                                                        • HCA enabled
                                                                                                                                        • EGA enabled
                                                                                                                                        • AMSI enabled
                                                                                                                                        Analysis Mode:default
                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                        Sample name:SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
                                                                                                                                        Detection:CLEAN
                                                                                                                                        Classification:clean19.spyw.winEXE@1/5@0/0
                                                                                                                                        EGA Information:
                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                        HCA Information:Failed
                                                                                                                                        Cookbook Comments:
                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                        • Not all processes were analyzed, report is missing behavior information
                                                                                                                                        No simulations
                                                                                                                                        No context
                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):67
                                                                                                                                        Entropy (8bit):4.756022958953036
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:1ERWAXgF6A01Vxh+W5GKE2UMn:1qWx6A011pYKEVM
                                                                                                                                        MD5:E0F6253ADFA10FD3A1143A1F215A83F2
                                                                                                                                        SHA1:986BDF8276D7863DE9C8CE8C7D164BC703BBCA21
                                                                                                                                        SHA-256:895AE32D5128A269BB79CA69E5D8630FE99A24646C088EC9024063810FF39FA5
                                                                                                                                        SHA-512:09133A707ED603A70CED81E9063AD2D44B7AE5B97A6273DACBADAABD6F3E2DFA1CFAD078505F48511A66AD5A449C0373675AC1CB7810B98C3BA20273FF574D36
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:[General]..AMDeviceId=dev_id_ccbeb760-5712-4410-83d3-35c16a0936b0..
                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):31
                                                                                                                                        Entropy (8bit):3.8041484247609643
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:YlvQ5Y2sn:CvQ62s
                                                                                                                                        MD5:611444D102AF24698AA5E2DF006EA7F5
                                                                                                                                        SHA1:EEC2702DCE69AD39985E2F0C29FF4DA208F2E3A5
                                                                                                                                        SHA-256:2A5AEF942378715F5D0C1F08F669E338B8CC95FB8F16901D9447BD1A53A7D43E
                                                                                                                                        SHA-512:91A7862B4DE1D764E68E7406F7234B128CD80796DFF46F1A2780DF79A8A1328094E288C67CA48CBF94496EAA225F46C27D20B9E50EF8E326F1B34266317348DD
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:[other]..user_experience=true..
                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):59
                                                                                                                                        Entropy (8bit):4.666127159347986
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:urTkpB01Vxh+W5GKE2UMn:ga011pYKEVM
                                                                                                                                        MD5:0D873F9ABDB607AEEF88690D27A819B2
                                                                                                                                        SHA1:09ACEF92AB3D8F2C4B59B18287B884FDA4F650C1
                                                                                                                                        SHA-256:80D555A7C9C64BD064A7B7050EBA0A55586C79A1DE25CA8B80CC4D5DF0541C11
                                                                                                                                        SHA-512:998D657147E725ACADB0F94AD82339C3E620B65EF14A68CAAF27D778F4B93235F60E9BBD5B3652045A2484F1008E1388AEBCFD267A8180442B3DCEEF3176380D
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:[User]..DevID=dev_id_ccbeb760-5712-4410-83d3-35c16a0936b0..
                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):240
                                                                                                                                        Entropy (8bit):3.492562938676203
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6:Q+nCSuw4kV8fb3/lCu+pcValmDMxk7Oro8aplWEUwJ9Dov:Q+nCkV8Twu+pr8DQk7Sz6pRJxG
                                                                                                                                        MD5:E3997F5127C79B24B5525DE8B9CF99EB
                                                                                                                                        SHA1:DBB001440848AEAA845518B5D215F72CD5EDF845
                                                                                                                                        SHA-256:BE1C41BF5348E66E8B3AD6DD82A675D0204CC98F88395F2C22DC988DFBABDE8E
                                                                                                                                        SHA-512:4773C5B0BEDEF565DD40C18F04BA9A2E6CD97FD94DE6427AD14AC7DD3208E58FB722AE53FFCF8426B7C36777CF4F07AB6ED705AD52253B6F20ED2CEA5EBD5599
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:..[.0.4.-.1.9. .0.7.:.3.4.:.3.4.].[.E.R.R.].[.1.D.7.0. . . . .].[.l.i.b.g.o.o.g.l.e._.a.n.a.l.y.t.i.c.s...c.p.p.:. .2.1.3.].:. .I.n.i.t.(.). .f.a.i.l.e.d.,. .e.x.c.e.p.t.i.o.n.:. .R.e.a.c.h.e.d. .t.h.e. .e.n.d. .o.f. .t.h.e. .f.i.l.e.......
                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):87
                                                                                                                                        Entropy (8bit):4.873753772917447
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:1EaLgFNqF6A01Vxh+W5GKE2UMn:1Bkq6A011pYKEVM
                                                                                                                                        MD5:BE63F16471F577E3261C9687959124EE
                                                                                                                                        SHA1:65E478ADF5118346CB408916DD295D72344CC170
                                                                                                                                        SHA-256:AF0F1D44555095CEDD4660D278350CD9050286CEB74E6C3D211BB29F12F12D65
                                                                                                                                        SHA-512:0BBBD842C95110DAE6A08176DC690477D6556081F6C7EBF231AC855B8EA679BB0BF14F18591FF7FD469775A4B234D89CB45239A452F56B9AB32C840600F13C36
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:[General]..Timestamp=1713504872..DeviceId=dev_id_ccbeb760-5712-4410-83d3-35c16a0936b0..
                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                        Entropy (8bit):7.7582093340859695
                                                                                                                                        TrID:
                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.66%
                                                                                                                                        • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                        File name:SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
                                                                                                                                        File size:1'885'792 bytes
                                                                                                                                        MD5:8248611347661c3ea4f8e27335cd1700
                                                                                                                                        SHA1:91e8b00f747f551edc43da93586f555cb98bb28d
                                                                                                                                        SHA256:59f4ae1f38b93b1303c37894f8bce134d2f75e6404bee7509a97b951c824b5bd
                                                                                                                                        SHA512:55dff5c0d6b5c61e8a42247c73a563bd7ebfab608e3d8b0e6232e36b0c27cbc1ba967d01f5984e1c10d17c703b36b540f54b24bf0eaf693bd6c43223ffcd471e
                                                                                                                                        SSDEEP:49152:z3p2AwR6DvD5XGok+XU7jKALad+YvlYkUhLn2hz7lLq:z3MV6DvUohM2AktvlYhD2hz5Lq
                                                                                                                                        TLSH:659512C399A864A5CE1A8F7638F74F750A134E537DB95A0E0314B2A41B727C73A22D37
                                                                                                                                        File Content Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$........p..B...B...B.....`.W.....b.......c.].....V.E....y..X....d..I....x..L....y..d....y......Ki..G...Ki..g...B........x..3....d..V..
                                                                                                                                        Icon Hash:0d0e46573669292e
                                                                                                                                        Entrypoint:0x8b9e20
                                                                                                                                        Entrypoint Section:UPX1
                                                                                                                                        Digitally signed:true
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        Subsystem:windows gui
                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                        Time Stamp:0x65F95226 [Tue Mar 19 08:51:50 2024 UTC]
                                                                                                                                        TLS Callbacks:0x8ba02a
                                                                                                                                        CLR (.Net) Version:
                                                                                                                                        OS Version Major:5
                                                                                                                                        OS Version Minor:1
                                                                                                                                        File Version Major:5
                                                                                                                                        File Version Minor:1
                                                                                                                                        Subsystem Version Major:5
                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                        Import Hash:b90abb5b33ee63ca28b4336993233c13
                                                                                                                                        Signature Valid:true
                                                                                                                                        Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                        Error Number:0
                                                                                                                                        Not Before, Not After
                                                                                                                                        • 03/11/2022 00:00:00 02/11/2025 23:59:59
                                                                                                                                        Subject Chain
                                                                                                                                        • CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK
                                                                                                                                        Version:3
                                                                                                                                        Thumbprint MD5:D66FB0B33C8A4E8BDD5E38ABC8891B2F
                                                                                                                                        Thumbprint SHA-1:257F56D595316F1E2810D992911AC064E193830C
                                                                                                                                        Thumbprint SHA-256:291BF0B743D5D48D7493AA12325CFBBAA89202DFFA2D9016D3B5D03B03512F0E
                                                                                                                                        Serial:00E04F3F5B78CA4D710F158ABFFE050F97
                                                                                                                                        Instruction
                                                                                                                                        pushad
                                                                                                                                        mov esi, 00734000h
                                                                                                                                        lea edi, dword ptr [esi-00333000h]
                                                                                                                                        mov dword ptr [edi+003F9F98h], 415D0537h
                                                                                                                                        push edi
                                                                                                                                        or ebp, FFFFFFFFh
                                                                                                                                        jmp 00007FC2E0F4B190h
                                                                                                                                        nop
                                                                                                                                        nop
                                                                                                                                        nop
                                                                                                                                        nop
                                                                                                                                        mov al, byte ptr [esi]
                                                                                                                                        inc esi
                                                                                                                                        mov byte ptr [edi], al
                                                                                                                                        inc edi
                                                                                                                                        add ebx, ebx
                                                                                                                                        jne 00007FC2E0F4B189h
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        jc 00007FC2E0F4B16Fh
                                                                                                                                        mov eax, 00000001h
                                                                                                                                        add ebx, ebx
                                                                                                                                        jne 00007FC2E0F4B189h
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        adc eax, eax
                                                                                                                                        add ebx, ebx
                                                                                                                                        jnc 00007FC2E0F4B18Dh
                                                                                                                                        jne 00007FC2E0F4B1AAh
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        jc 00007FC2E0F4B1A1h
                                                                                                                                        dec eax
                                                                                                                                        add ebx, ebx
                                                                                                                                        jne 00007FC2E0F4B189h
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        adc eax, eax
                                                                                                                                        jmp 00007FC2E0F4B156h
                                                                                                                                        add ebx, ebx
                                                                                                                                        jne 00007FC2E0F4B189h
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        adc ecx, ecx
                                                                                                                                        jmp 00007FC2E0F4B1D4h
                                                                                                                                        xor ecx, ecx
                                                                                                                                        sub eax, 03h
                                                                                                                                        jc 00007FC2E0F4B193h
                                                                                                                                        shl eax, 08h
                                                                                                                                        mov al, byte ptr [esi]
                                                                                                                                        inc esi
                                                                                                                                        xor eax, FFFFFFFFh
                                                                                                                                        je 00007FC2E0F4B1F7h
                                                                                                                                        sar eax, 1
                                                                                                                                        mov ebp, eax
                                                                                                                                        jmp 00007FC2E0F4B18Dh
                                                                                                                                        add ebx, ebx
                                                                                                                                        jne 00007FC2E0F4B189h
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        jc 00007FC2E0F4B14Eh
                                                                                                                                        inc ecx
                                                                                                                                        add ebx, ebx
                                                                                                                                        jne 00007FC2E0F4B189h
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        jc 00007FC2E0F4B140h
                                                                                                                                        add ebx, ebx
                                                                                                                                        jne 00007FC2E0F4B189h
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        adc ecx, ecx
                                                                                                                                        add ebx, ebx
                                                                                                                                        jnc 00007FC2E0F4B171h
                                                                                                                                        jne 00007FC2E0F4B18Bh
                                                                                                                                        mov ebx, dword ptr [esi]
                                                                                                                                        sub esi, FFFFFFFCh
                                                                                                                                        adc ebx, ebx
                                                                                                                                        jnc 00007FC2E0F4B166h
                                                                                                                                        add ecx, 02h
                                                                                                                                        cmp ebp, 00000000h
                                                                                                                                        Programming Language:
                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3e0630 | 0x4600 | UPX1
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4f5708 | 0x3ec | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4bb000 | 0x3a708 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1c7470 | 0x51f0 | UPX0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4f5af4 | 0x28 | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x4ba04c | 0x18 | UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4ba07c | 0xa0 | UPX1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x333000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x334000 | 0x187000 | 0x186200 | f0637c2b404bb88797193839af51ef30 | False | 0.9890678818888177 | data | 7.923008747587459 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4bb000 | 0x3b000 | 0x3ac00 | a2c61d176d6da074e304637789ea5cb6 | False | 0.2796625664893617 | data | 4.898595150025045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
LANG | 0x435e10 | 0x10e2 | TeX DVI file (\342l\336\374\207\314~) | Chinese | China | 1.0025451180009255
LANG | 0x436ef8 | 0x14ed | data | Chinese | China | 1.002053388090349
LANG | 0x4383e8 | 0x15b6 | data | Chinese | China | 1.0019791291831595
LANG | 0x4399a0 | 0x14ce | data | Chinese | China | 1.0020653398422832
LANG | 0x43ae70 | 0x12f6 | data | Chinese | China | 0.9977338277709106
LANG | 0x43c168 | 0x1686 | data | Chinese | China | 1.0015608740894901
LANG | 0x43d7f0 | 0x1112 | data | Chinese | China | 1.0025171624713958
LANG | 0x43e908 | 0x18a9 | data | Chinese | China | 0.9995247901156344
LANG | 0x4401b8 | 0x12f4 | data | Chinese | China | 1.0022671063478978
LANG | 0x4414b0 | 0x12fb | data | Chinese | China | 0.9874459765383824
PNG | 0x416d20 | 0x7cb0 | data | Chinese | China | 0.9887844611528822
PNG | 0x42d538 | 0x6b | MPEG-4 LOAS | Chinese | China | 1.102803738317757
PNG | 0x42d5a8 | 0x6b | data | Chinese | China | 1.102803738317757
PNG | 0x42d618 | 0x6b | data | Chinese | China | 1.102803738317757
PNG | 0x42d688 | 0x73 | data | Chinese | China | 1.0956521739130434
PNG | 0x42d700 | 0x73 | data | Chinese | China | 1.0956521739130434
PNG | 0x42d778 | 0x81 | data | Chinese | China | 1.0852713178294573
PNG | 0x42d800 | 0x1e05 | data | Chinese | China | 1.0001301236174365
PNG | 0x431188 | 0x6b6 | data | Chinese | China | 1.0064027939464493
PNG | 0x431840 | 0x8cd | data | Chinese | China | 1.0048823790501553
PNG | 0x432110 | 0xf8 | data | Chinese | China | 1.0443548387096775
PNG | 0x432208 | 0xf3 | data | Chinese | China | 1.045267489711934
PNG | 0x432300 | 0x222 | data | Chinese | China | 1.02014652014652
PNG | 0x432528 | 0x221 | data | Chinese | China | 1.0201834862385322
PNG | 0x432750 | 0x1ae | data | Chinese | China | 1.0255813953488373
PNG | 0x432900 | 0x81 | data | Chinese | China | 1.0852713178294573
PNG | 0x432988 | 0x7a | data | Chinese | China | 1.0901639344262295
PNG | 0x432a08 | 0x7a | data | Chinese | China | 1.0901639344262295
PNG | 0x432a88 | 0x7a | data | Chinese | China | 1.0901639344262295
PNG | 0x432b08 | 0xda | data | Chinese | China | 1.0504587155963303
PNG | 0x432be8 | 0xdd | data | Chinese | China | 1.0497737556561086
PNG | 0x432cc8 | 0xdb | data | Chinese | China | 1.0502283105022832
PNG | 0x432da8 | 0x8a | data | Chinese | China | 1.0797101449275361
PNG | 0x432e38 | 0x8a | data | Chinese | China | 1.0797101449275361
PNG | 0x432ec8 | 0x8a | OpenPGP Public Key | Chinese | China | 1.0797101449275361
PNG | 0x432f58 | 0xf8 | data | Chinese | China | 1.0443548387096775
PNG | 0x433050 | 0xbf | data | Chinese | China | 1.057591623036649
PNG | 0x426da0 | 0x6796 | data | Chinese | China | 0.9965306584206953
PNG | 0x42f608 | 0x1b7f | data | Chinese | China | 1.0012785907089075
PNG | 0x41e9d0 | 0x83cd | data | Chinese | China | 0.9946059689991406
PNG | 0x433110 | 0xbf | OpenPGP Public Key | Chinese | China | 1.057591623036649
PNG | 0x4331d0 | 0xbc | data | Chinese | China | 1.0585106382978724
PNG | 0x433290 | 0xbd | data | Chinese | China | 1.0582010582010581
PNG | 0x433350 | 0xbc | data | Chinese | China | 1.0585106382978724
PNG | 0x433410 | 0xa7 | OpenPGP Public Key | Chinese | China | 1.0658682634730539
PNG | 0x4334b8 | 0xa8 | data | Chinese | China | 1.0654761904761905
PNG | 0x433560 | 0xa9 | data | Chinese | China | 1.0650887573964498
RT_ICON | 0x4bbd18 | 0x57dc | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9967544015650008
RT_ICON | 0x4c14f8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.1255619306754998
RT_ICON | 0x4d1d24 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.19865461425268027
RT_ICON | 0x4db1d0 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.20609022556390977
RT_ICON | 0x4e19bc | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.2331792975970425
RT_ICON | 0x4e6e48 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.21882380727444498
RT_ICON | 0x4eb074 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 14880 | English | United States | 0.2640080428954424
RT_ICON | 0x4eeac0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3078838174273859
RT_ICON | 0x4f106c | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States | 0.31997041420118344
RT_ICON | 0x4f2ad8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3698405253283302
RT_ICON | 0x4f3b84 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4905737704918033
RT_ICON | 0x4f4510 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States | 0.5203488372093024
RT_ICON | 0x4f4bcc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5921985815602837
RT_DIALOG | 0x47bb60 | 0x4c | data | English | United States | 1.144736842105263
RT_GROUP_ICON | 0x4f5038 | 0xbc | data | English | United States | 0.7074468085106383
RT_VERSION | 0x4f50f8 | 0x380 | data | English | United States | 0.4296875
RT_HTML | 0x433610 | 0x27fe | data | Chinese | China | 0.9893533893338543
RT_MANIFEST | 0x4f547c | 0x28b | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5529953917050692

DLL | Import
ADVAPI32.dll | FreeSid
COMCTL32.dll | InitCommonControlsEx
CRYPT32.dll | CertOpenStore
dbghelp.dll | MiniDumpWriteDump
GDI32.dll | BitBlt
gdiplus.dll | GdipFree
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
ole32.dll | CoInitialize
OLEAUT32.dll | GetErrorInfo
PSAPI.DLL | GetWsChanges
SHELL32.dll | ShellExecuteW
SHLWAPI.dll | SHDeleteKeyW
USER32.dll | GetDC
VERSION.dll | VerQueryValueW
WININET.dll | InternetOpenA
WINMM.dll | timeGetTime
WLDAP32.dll |
WS2_32.dll | WSAGetLastError

Language of compilation system | Country where language is spoken
Chinese | China
English | United States

                                                                                                                                        No network behavior found

Target ID: 0
Start time: 06:25:56
Start date: 19/04/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanPSW.Maria.32604.16928.exe"
Imagebase: 0xa40000
File size: 1'885'792 bytes
MD5 hash: 8248611347661C3EA4F8E27335CD1700
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

                                                                                                                                          Execution Graph

Execution Coverage: 5.1%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 8.2%
Total number of Nodes: 1397
Total number of Limit Nodes: 43
a44d17 53482->53485 53486 a44d3c 53482->53486 53483 a44db2 _Yarn 53483->53314 53484->53314 53487 cea564 std::_Facet_Register 21 API calls 53485->53487 53488 cea564 std::_Facet_Register 21 API calls 53486->53488 53490 a44d28 _Yarn 53486->53490 53487->53490 53488->53490 53489 d17e47 SimpleUString::operator= 21 API calls 53489->53480 53490->53489 53491 a44d8f std::ios_base::_Tidy 53490->53491 53491->53314 53492->53323 53493->53328 53494->53331 53495->53483 53497 a4aec7 53496->53497 53499 a4aef6 53497->53499 53502 a4af0f _Yarn 53497->53502 53505 a4af07 std::ios_base::_Tidy 53497->53505 53659 a4bbd0 27 API calls 5 library calls 53499->53659 53500 a4af7a 53503 a4ab80 SimpleUString::operator= 27 API calls 53500->53503 53502->53505 53506 a4afac 53502->53506 53504 a4af98 53503->53504 53504->53336 53654 a4ab80 53505->53654 53507 d17e47 SimpleUString::operator= 21 API calls 53506->53507 53508 a4afb1 53507->53508 53510 a545b3 53509->53510 53510->53510 53511 a545be WideCharToMultiByte 53510->53511 53512 a545e5 53511->53512 53513 a545fb WideCharToMultiByte 53512->53513 53514 a54633 53513->53514 53514->53514 53515 a44c90 std::system_error::system_error 27 API calls 53514->53515 53516 a54645 std::ios_base::_Tidy 53515->53516 53516->53339 53661 b0acf0 53517->53661 53520 b0ec3c 53521 b0ec53 53520->53521 53522 b0bf40 15 API calls 53520->53522 53521->53341 53522->53521 53523 b0e82b 53678 b0de30 53523->53678 53524 b0e75b __Getcvt 53524->53521 53524->53523 53526 b0e81b 53524->53526 53577 b0e821 53524->53577 53528 a672c0 15 API calls 53526->53528 53527 b0e921 53529 b0de30 15 API calls 53527->53529 53528->53577 53530 b0e938 53529->53530 53531 b0de30 15 API calls 53530->53531 53532 b0e94f 53531->53532 53533 b0de30 15 API calls 53532->53533 53534 b0e966 53533->53534 53535 b0de30 15 API calls 53534->53535 53536 b0e980 53535->53536 53537 b0e9c4 53536->53537 53538 b0e99f 53536->53538 53536->53577 53695 b0e020 53537->53695 53715 a6a250 15 API calls 53538->53715 53541 b0e9ba 53717 a6b1e0 15 API 
calls 53541->53717 53542 b0e9df 53543 b0e9e8 53542->53543 53544 b0ea1b 53542->53544 53543->53541 53716 a67b60 15 API calls 53543->53716 53549 b0ea40 53544->53549 53550 b0ea6c 53544->53550 53546 b0ea0d 53548 a672c0 15 API calls 53546->53548 53548->53577 53551 b0ea60 53549->53551 53552 b0ea56 53549->53552 53720 ac3b70 15 API calls __Getcvt 53550->53720 53719 a6b0d0 15 API calls 53551->53719 53718 a6b140 15 API calls 53552->53718 53556 b0ea84 53557 b0ea9f 53556->53557 53721 ac32c0 15 API calls 53556->53721 53722 ac3b70 15 API calls __Getcvt 53557->53722 53560 b0eabe 53563 b0eb06 53560->53563 53560->53577 53723 a6b0d0 15 API calls 53560->53723 53724 ac3670 15 API calls _Yarn 53563->53724 53564 b0eb32 53565 b0eb94 53564->53565 53725 a69fd0 16 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 53564->53725 53728 b0dce0 15 API calls 53565->53728 53568 b0eb5f 53569 b0eb85 53568->53569 53726 b0cff0 15 API calls 53568->53726 53569->53565 53727 a67b60 15 API calls 53569->53727 53570 b0ebcb 53729 a6b0d0 15 API calls 53570->53729 53574 b0eb9a 53574->53570 53580 b0ec62 53574->53580 53575 b0ebd7 53575->53577 53730 b0b630 15 API calls __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 53575->53730 53731 b0dce0 15 API calls 53577->53731 53578 b0ed77 53733 b0dce0 15 API calls 53578->53733 53580->53578 53732 a6b1e0 15 API calls 53580->53732 53583 ad1b9c 53582->53583 53585 ad1b95 53582->53585 53584 ad1bef 53583->53584 53583->53585 53620 ad1c27 53584->53620 53758 a6b0d0 15 API calls 53584->53758 53756 a6a250 15 API calls 53585->53756 53587 ad1bc2 53757 a6a250 15 API calls 53587->53757 53590 ad1be0 53590->53356 53592 ad2105 53592->53356 53593 ad2070 53593->53592 53828 b0da50 15 API calls 53593->53828 53594 ad1f06 53595 ad1f94 53594->53595 53598 ad1f2d 53594->53598 53602 ad1f75 53594->53602 53800 a93800 53594->53800 53826 a940f0 15 API calls 53595->53826 53601 ad1f42 53598->53601 53824 a93ba0 15 API calls 53598->53824 
53601->53595 53825 a67330 15 API calls 53601->53825 53602->53593 53827 a67c40 15 API calls 53602->53827 53610 ad2094 _Yarn 53610->53592 53829 a6b0d0 15 API calls 53610->53829 53611 ad1f4a 53612 ad1f5f 53611->53612 53821 a93c90 18 API calls 53611->53821 53822 a940f0 15 API calls 53612->53822 53616 a672c0 15 API calls 53616->53620 53617 ad1f66 53823 a6b0d0 15 API calls 53617->53823 53620->53594 53620->53602 53620->53611 53620->53616 53622 ad1efe 53620->53622 53759 a97100 53620->53759 53792 a67750 15 API calls 53620->53792 53793 a98160 15 API calls 53620->53793 53794 a97e60 15 API calls 53620->53794 53795 a6b0d0 15 API calls 53620->53795 53796 a67c40 15 API calls 53620->53796 53797 a93c90 18 API calls 53620->53797 53798 a940f0 15 API calls 53620->53798 53799 a67b60 15 API calls 53622->53799 53625 b0c0b1 53624->53625 53626 b0bf56 53624->53626 53625->53360 53627 b0bf65 53626->53627 53637 b0bfa3 53626->53637 53916 a6a250 15 API calls 53627->53916 53629 b0c027 53631 b0c048 53629->53631 53919 aed460 15 API calls 53629->53919 53630 b0bf76 53917 a6a250 15 API calls 53630->53917 53886 aed540 53631->53886 53634 b0bf94 53634->53360 53636 b0c04f 53639 aee6e0 15 API calls 53636->53639 53637->53629 53918 aed460 15 API calls 53637->53918 53640 b0c068 53639->53640 53641 b0c0a6 53640->53641 53643 b0c079 53640->53643 53890 b0c190 53641->53890 53920 a6b1e0 15 API calls 53643->53920 53645 b0c086 53645->53360 53647 a51ff7 UnDecorator::getTemplateConstant 53646->53647 53954 d2a5ae 53647->53954 53651 a67301 53650->53651 53652 a672cb 53650->53652 53651->53357 53652->53651 53653 d4f7a3 15 API calls 53652->53653 53653->53651 53655 a4abcd 53654->53655 53658 a4ab95 SimpleUString::operator= 53654->53658 53660 a4b560 27 API calls 4 library calls 53655->53660 53657 a4abe0 53657->53500 53658->53500 53659->53505 53660->53657 53662 b0ad03 53661->53662 53663 b0ad0c 53661->53663 53662->53524 53665 b0ad6e __Getcvt 53663->53665 53677 b0af56 53663->53677 53743 b0b2b0 15 API calls 53663->53743 53668 b0aee8 
53665->53668 53665->53677 53744 b0b2b0 15 API calls 53665->53744 53666 b0acf0 16 API calls 53669 b0af14 53666->53669 53668->53666 53668->53677 53670 a672c0 15 API calls 53669->53670 53669->53677 53671 b0af35 53670->53671 53734 a715e0 GetSystemInfo 53671->53734 53675 b0af4d 53676 b0acf0 16 API calls 53675->53676 53675->53677 53676->53677 53677->53524 53679 b0de4c 53678->53679 53680 b0de65 53679->53680 53681 b0df97 53679->53681 53685 b0de75 53680->53685 53746 ac31e0 15 API calls _Yarn 53680->53746 53750 a6a250 15 API calls 53681->53750 53684 b0dfb2 53684->53527 53686 b0dea0 53685->53686 53694 b0debc 53685->53694 53747 a6b1e0 15 API calls 53686->53747 53689 b0df31 53690 b0df3f 53689->53690 53749 a6b0d0 15 API calls 53689->53749 53690->53527 53691 b0dead 53691->53527 53693 b0df7e 53693->53527 53694->53689 53748 ac31e0 15 API calls _Yarn 53694->53748 53697 b0e047 53695->53697 53696 b0e53e 53698 b0acf0 16 API calls 53696->53698 53697->53696 53700 b0e090 53697->53700 53702 b0e513 _Yarn 53698->53702 53699 b0e665 53699->53542 53701 b0acf0 16 API calls 53700->53701 53707 b0e0e0 53701->53707 53702->53699 53754 a664c0 16 API calls 53702->53754 53704 b0e597 53709 b0e181 53704->53709 53755 a69fd0 16 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 53704->53755 53706 b0e16a 53751 a69fd0 16 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 53706->53751 53707->53699 53707->53706 53712 b0e189 53707->53712 53709->53542 53710 b0e4b2 53752 a69fd0 16 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 53710->53752 53712->53702 53712->53710 53713 b0e518 53712->53713 53753 a69fd0 16 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 53713->53753 53715->53541 53716->53541 53717->53546 
53718->53577 53719->53577 53720->53556 53721->53557 53722->53560 53723->53563 53724->53564 53725->53568 53726->53569 53727->53565 53728->53574 53729->53575 53730->53577 53731->53520 53732->53580 53733->53575 53735 b0acf0 15 API calls 53734->53735 53738 a7160c 53735->53738 53736 b0acf0 15 API calls 53740 a716a4 53736->53740 53737 b0acf0 15 API calls 53741 a71759 53737->53741 53738->53736 53739 b0acf0 15 API calls 53742 a7180a 53739->53742 53740->53737 53741->53739 53742->53677 53745 a664c0 16 API calls 53742->53745 53743->53665 53744->53668 53745->53675 53746->53685 53747->53691 53748->53689 53749->53693 53750->53684 53751->53709 53752->53709 53753->53709 53754->53704 53755->53709 53756->53587 53757->53590 53758->53620 53760 a97118 53759->53760 53762 a97129 53759->53762 53830 a6a250 15 API calls 53760->53830 53763 a97139 53762->53763 53831 a6a250 15 API calls 53762->53831 53764 a97124 53763->53764 53766 a97173 53763->53766 53832 a6a250 15 API calls 53764->53832 53833 a96e80 18 API calls 53766->53833 53768 a97164 53768->53620 53770 a973a4 53770->53620 53771 a97329 53774 a97335 53771->53774 53840 a67b60 15 API calls 53771->53840 53781 a97343 53774->53781 53841 a8f9d0 15 API calls 53774->53841 53775 a97388 53775->53770 53782 a973a8 53775->53782 53783 a97396 53775->53783 53777 a93800 18 API calls 53784 a97191 53777->53784 53781->53775 53842 a67330 15 API calls 53781->53842 53844 a679a0 15 API calls _Yarn 53782->53844 53843 a67c40 15 API calls 53783->53843 53784->53770 53784->53771 53784->53777 53834 a98c50 15 API calls 53784->53834 53835 a93ba0 15 API calls 53784->53835 53836 a67330 15 API calls 53784->53836 53837 a940f0 15 API calls 53784->53837 53838 a96060 18 API calls 53784->53838 53839 a96e80 18 API calls 53784->53839 53789 a973b1 53845 a67c40 15 API calls 53789->53845 53792->53620 53793->53620 53794->53620 53795->53620 53796->53620 53797->53620 53798->53620 53799->53594 53801 a93816 53800->53801 53846 a92ca0 17 API calls 53801->53846 53803 a93ab9 53803->53598 
53804 a93822 53804->53803 53806 a9387e 53804->53806 53855 b0c9c0 53804->53855 53805 a938eb 53814 a939e3 53805->53814 53816 a93953 53805->53816 53864 a93790 15 API calls 53805->53864 53806->53805 53863 a90280 15 API calls 53806->53863 53810 b0c9c0 15 API calls 53810->53814 53811 a93aa6 53815 b0c9c0 15 API calls 53811->53815 53812 a9394f 53812->53816 53865 a92f20 16 API calls 53812->53865 53814->53803 53814->53811 53847 a93670 53814->53847 53815->53803 53816->53810 53816->53814 53820 a9395c 53816->53820 53820->53598 53821->53612 53822->53617 53823->53602 53824->53601 53825->53595 53826->53602 53827->53593 53828->53610 53829->53592 53830->53764 53831->53763 53832->53768 53833->53784 53834->53784 53835->53784 53836->53784 53837->53784 53838->53784 53839->53784 53840->53774 53841->53781 53842->53775 53843->53770 53844->53789 53845->53770 53846->53804 53848 a936f3 53847->53848 53854 a93696 53847->53854 53849 a93731 53848->53849 53852 a9371b 53848->53852 53867 aeea50 15 API calls 53848->53867 53849->53803 53849->53811 53866 a67330 15 API calls 53849->53866 53852->53849 53868 aeea50 15 API calls 53852->53868 53853 a84390 15 API calls 53853->53854 53854->53848 53854->53853 53858 b0c9dc 53855->53858 53856 b0ca48 53869 aee6e0 53856->53869 53858->53856 53876 a841f0 53858->53876 53860 b0ca57 53862 b0ca90 53860->53862 53882 aba8f0 15 API calls 53860->53882 53862->53806 53863->53805 53864->53812 53865->53816 53866->53811 53867->53852 53868->53849 53871 aee701 53869->53871 53872 aee815 53869->53872 53870 aee800 53870->53872 53873 a672c0 15 API calls 53870->53873 53871->53870 53874 a672c0 15 API calls 53871->53874 53883 a67330 15 API calls 53871->53883 53872->53860 53873->53872 53874->53871 53878 a84209 53876->53878 53877 a8422a 53881 a8425c 53877->53881 53885 a84070 15 API calls 53877->53885 53878->53877 53884 a7fa50 15 API calls 53878->53884 53881->53858 53882->53862 53883->53871 53884->53877 53885->53881 53887 aed694 53886->53887 53888 aed555 53886->53888 53887->53636 
53888->53887 53889 a672c0 15 API calls 53888->53889 53889->53888 53891 b0c1a5 53890->53891 53893 b0c932 53890->53893 53892 b0c9c0 15 API calls 53891->53892 53891->53893 53901 b0c1e1 53892->53901 53893->53625 53894 b0c227 53895 b0c237 53894->53895 53948 ac38d0 15 API calls 2 library calls 53894->53948 53897 aed540 15 API calls 53895->53897 53898 b0c241 53897->53898 53933 aba460 53898->53933 53901->53894 53921 a821f0 53901->53921 53902 b0c248 53939 a6cd10 53902->53939 53904 a6cd10 15 API calls 53912 b0c506 53904->53912 53905 b0c3f8 53905->53904 53906 b0c60c 53907 a6cd10 15 API calls 53906->53907 53908 b0c617 53907->53908 53914 b0c65a 53908->53914 53950 a6b0d0 15 API calls 53908->53950 53911 b0c634 53911->53914 53951 a8eb20 15 API calls 53911->53951 53912->53906 53949 abacc0 15 API calls 53912->53949 53914->53893 53942 d4f7a3 53914->53942 53916->53630 53917->53634 53918->53637 53919->53629 53920->53645 53922 a82203 53921->53922 53923 a841f0 15 API calls 53922->53923 53929 a8221c 53923->53929 53924 a822fe 53926 a82313 53924->53926 53952 a73fe0 15 API calls 53924->53952 53925 a672c0 15 API calls 53925->53924 53928 a672c0 15 API calls 53926->53928 53930 a82320 53928->53930 53929->53924 53929->53925 53929->53930 53931 a672c0 15 API calls 53930->53931 53932 a82343 53931->53932 53932->53901 53934 aba530 53933->53934 53935 aba47b 53933->53935 53937 aba56f 53934->53937 53938 a672c0 15 API calls 53934->53938 53935->53934 53936 a672c0 15 API calls 53935->53936 53936->53935 53937->53902 53938->53937 53940 a672c0 15 API calls 53939->53940 53941 a6cd26 53940->53941 53941->53905 53943 d4f7ae RtlFreeHeap 53942->53943 53944 d4f7d7 __dosmaperr 53942->53944 53943->53944 53945 d4f7c3 53943->53945 53944->53893 53953 d17f5d 15 API calls __dosmaperr 53945->53953 53947 d4f7c9 GetLastError 53947->53944 53948->53895 53949->53912 53950->53911 53951->53914 53952->53926 53953->53947 53957 d1a3e1 53954->53957 53956 a52001 53956->53352 53958 d1a401 53957->53958 53959 d1a3ec 53957->53959 53961 
d1a443 53958->53961 53964 d1a40f 53958->53964 53973 d17f5d 15 API calls __dosmaperr 53959->53973 53977 d17f5d 15 API calls __dosmaperr 53961->53977 53963 d1a3f1 53974 d17e37 21 API calls __wsopen_s 53963->53974 53975 d19a5c 44 API calls 5 library calls 53964->53975 53967 d1a3fc 53967->53956 53968 d1a427 53970 d1a453 53968->53970 53976 d17f5d 15 API calls __dosmaperr 53968->53976 53970->53956 53972 d1a43b 53978 d17e37 21 API calls __wsopen_s 53972->53978 53973->53963 53974->53967 53975->53968 53976->53972 53977->53972 53978->53970 53980 a95fad 53979->53980 53981 a95fb4 53979->53981 53980->53408 53982 a95fba 53981->53982 53986 a95fec 53981->53986 54008 a6a250 15 API calls 53982->54008 53984 a9601a 54011 a93c90 18 API calls 53984->54011 53985 a95fc6 54009 a6a250 15 API calls 53985->54009 53986->53984 54010 a95ec0 15 API calls 53986->54010 53990 a96021 54012 a940f0 15 API calls 53990->54012 53991 a95fe1 53991->53408 53993 a9602a 53994 a96044 53993->53994 53995 a96034 53993->53995 54013 a67c40 15 API calls 53994->54013 53997 b0c190 15 API calls 53995->53997 54000 a9603d 53997->54000 53998 a9604d 53999 b0c190 15 API calls 53998->53999 54001 a96056 53999->54001 54000->53408 54001->53408 54002->53397 54003->53399 54004->53408 54005->53384 54006->53392 54007->53395 54008->53985 54009->53991 54010->53984 54011->53990 54012->53993 54013->53998 54014->53414 54041 d2e282 54015->54041 54017 a4f53d __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 54017->53437 54018 a4f532 54051 d2a89e 54018->54051 54020 a4f3b5 std::ios_base::_Tidy __Getcvt _strrchr 54020->54017 54020->54018 54021 a44c90 std::system_error::system_error 27 API calls 54020->54021 54023 a4f55e 54020->54023 54025 a4f568 54020->54025 54064 a510b0 27 API calls std::system_error::system_error 54020->54064 54021->54020 54024 c5020b std::system_error::system_error 23 API calls 54023->54024 54024->54025 54026 d17e47 SimpleUString::operator= 21 API calls 
54025->54026 54027 a4f56d 54026->54027 54027->53437 54028->53430 54030 a4b415 54029->54030 54031 a4b52d 54029->54031 54034 a4b451 54030->54034 54035 a4b47b 54030->54035 54243 a46b50 23 API calls std::system_error::system_error 54031->54243 54033 d17e47 SimpleUString::operator= 21 API calls 54037 a4b537 54033->54037 54036 cea564 std::_Facet_Register 21 API calls 54034->54036 54038 cea564 std::_Facet_Register 21 API calls 54035->54038 54039 a4b462 _Yarn 54035->54039 54036->54039 54037->53434 54038->54039 54039->54033 54040 a4b4eb _Yarn std::ios_base::_Tidy 54039->54040 54040->53434 54042 d2e2a0 54041->54042 54043 d2e28f 54041->54043 54065 d2e026 54042->54065 54082 d17f5d 15 API calls __dosmaperr 54043->54082 54046 d2e294 54083 d17e37 21 API calls __wsopen_s 54046->54083 54047 d2e2b0 54049 d2e29e 54047->54049 54084 d17f5d 15 API calls __dosmaperr 54047->54084 54049->54020 54052 d2a8aa ___unDNameEx 54051->54052 54053 d2a8d0 54052->54053 54054 d2a8bb 54052->54054 54056 d2a8cb std::_Throw_Cpp_error __wsopen_s 54053->54056 54129 d2a7f4 RtlEnterCriticalSection 54053->54129 54146 d17f5d 15 API calls __dosmaperr 54054->54146 54056->54017 54057 d2a8c0 54147 d17e37 21 API calls __wsopen_s 54057->54147 54059 d2a8ec 54130 d2a828 54059->54130 54062 d2a8f7 54148 d2a914 RtlLeaveCriticalSection std::_Throw_Cpp_error 54062->54148 54064->54020 54067 d2e032 ___unDNameEx 54065->54067 54066 d2e040 54093 d17f5d 15 API calls __dosmaperr 54066->54093 54067->54066 54069 d2e06d 54067->54069 54071 d2e072 54069->54071 54072 d2e07f 54069->54072 54070 d2e045 54094 d17e37 21 API calls __wsopen_s 54070->54094 54095 d17f5d 15 API calls __dosmaperr 54071->54095 54085 d520fb 54072->54085 54076 d2e088 54077 d2e08f 54076->54077 54078 d2e09c 54076->54078 54096 d17f5d 15 API calls __dosmaperr 54077->54096 54097 d2e0d0 RtlLeaveCriticalSection std::_Throw_Cpp_error 54078->54097 54080 d2e050 __wsopen_s 54080->54047 54082->54046 54083->54049 54084->54049 54086 d52107 ___unDNameEx 54085->54086 54098 d440d7 
RtlEnterCriticalSection 54086->54098 54088 d52115 54099 d521a5 54088->54099 54092 d52146 __wsopen_s 54092->54076 54093->54070 54094->54080 54095->54080 54096->54080 54097->54080 54098->54088 54106 d521c8 54099->54106 54100 d52221 54117 d4f6bd 54100->54117 54104 d4f7a3 _free 15 API calls 54105 d52233 54104->54105 54111 d52122 54105->54111 54124 d5197b 6 API calls 2 library calls 54105->54124 54106->54100 54106->54106 54106->54111 54115 d2a7f4 RtlEnterCriticalSection 54106->54115 54116 d2a808 RtlLeaveCriticalSection 54106->54116 54108 d52252 54125 d2a7f4 RtlEnterCriticalSection 54108->54125 54112 d52151 54111->54112 54128 d4411f RtlLeaveCriticalSection 54112->54128 54114 d52158 54114->54092 54115->54106 54116->54106 54118 d4f6ca std::_Locinfo::_Locinfo_ctor 54117->54118 54119 d4f70a 54118->54119 54120 d4f6f5 RtlAllocateHeap 54118->54120 54126 d497e5 RtlEnterCriticalSection RtlLeaveCriticalSection __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z std::_Facet_Register 54118->54126 54127 d17f5d 15 API calls __dosmaperr 54119->54127 54120->54118 54122 d4f708 54120->54122 54122->54104 54124->54108 54125->54111 54126->54118 54127->54122 54128->54114 54129->54059 54131 d2a835 54130->54131 54132 d2a84a 54130->54132 54181 d17f5d 15 API calls __dosmaperr 54131->54181 54137 d2a845 std::_Throw_Cpp_error 54132->54137 54149 d2a9d3 54132->54149 54134 d2a83a 54182 d17e37 21 API calls __wsopen_s 54134->54182 54137->54062 54142 d2a86c 54166 d4ddf6 54142->54166 54145 d4f7a3 _free 15 API calls 54145->54137 54146->54057 54147->54056 54148->54056 54150 d2a9eb 54149->54150 54152 d2a85e 54149->54152 54151 d50970 std::_Throw_Cpp_error 21 API calls 54150->54151 54150->54152 54153 d2aa0b 54151->54153 54155 d52083 54152->54155 54183 d4d0cf 58 API calls 4 library calls 54153->54183 54156 d52099 54155->54156 54158 d2a866 54155->54158 54157 d4f7a3 _free 15 API calls 54156->54157 54156->54158 54157->54158 54159 d50970 54158->54159 
54160 d50991 54159->54160 54161 d5097c 54159->54161 54160->54142 54184 d17f5d 15 API calls __dosmaperr 54161->54184 54163 d50981 54185 d17e37 21 API calls __wsopen_s 54163->54185 54165 d5098c 54165->54142 54167 d4de05 54166->54167 54168 d4de1a 54166->54168 54189 d17f4a 15 API calls __dosmaperr 54167->54189 54170 d4de55 54168->54170 54174 d4de41 54168->54174 54191 d17f4a 15 API calls __dosmaperr 54170->54191 54171 d4de0a 54190 d17f5d 15 API calls __dosmaperr 54171->54190 54186 d4dce5 54174->54186 54175 d4de5a 54192 d17f5d 15 API calls __dosmaperr 54175->54192 54178 d2a872 54178->54137 54178->54145 54179 d4de62 54193 d17e37 21 API calls __wsopen_s 54179->54193 54181->54134 54182->54137 54183->54152 54184->54163 54185->54165 54194 d4dc63 54186->54194 54188 d4dd09 54188->54178 54189->54171 54190->54178 54191->54175 54192->54179 54193->54178 54195 d4dc6f ___unDNameEx 54194->54195 54205 d558e8 RtlEnterCriticalSection 54195->54205 54197 d4dc7d 54198 d4dca4 54197->54198 54199 d4dcaf 54197->54199 54206 d4de75 54198->54206 54221 d17f5d 15 API calls __dosmaperr 54199->54221 54202 d4dcaa 54222 d4dcd9 RtlLeaveCriticalSection __wsopen_s 54202->54222 54204 d4dccc __wsopen_s 54204->54188 54205->54197 54223 d55b65 54206->54223 54208 d4de85 54209 d4de8b 54208->54209 54211 d4debd 54208->54211 54212 d55b65 __wsopen_s 21 API calls 54208->54212 54236 d55ad4 16 API calls 2 library calls 54209->54236 54211->54209 54213 d55b65 __wsopen_s 21 API calls 54211->54213 54215 d4deb4 54212->54215 54216 d4dec9 FindCloseChangeNotification 54213->54216 54214 d4dee3 54217 d4df05 54214->54217 54237 d17f27 15 API calls __dosmaperr 54214->54237 54218 d55b65 __wsopen_s 21 API calls 54215->54218 54216->54209 54219 d4ded5 GetLastError 54216->54219 54217->54202 54218->54211 54219->54209 54221->54202 54222->54204 54224 d55b87 54223->54224 54225 d55b72 54223->54225 54230 d55bac 54224->54230 54240 d17f4a 15 API calls __dosmaperr 54224->54240 54238 d17f4a 15 API calls __dosmaperr 54225->54238 54227 d55b77 54239 
d17f5d 15 API calls __dosmaperr 54227->54239 54230->54208 54231 d55bb7 54241 d17f5d 15 API calls __dosmaperr 54231->54241 54232 d55b7f 54232->54208 54234 d55bbf 54242 d17e37 21 API calls __wsopen_s 54234->54242 54236->54214 54237->54217 54238->54227 54239->54232 54240->54231 54241->54234 54242->54232 54243->54039 54244 a4d710 54278 d0c450 54244->54278 54247 a4d7a3 54249 a44c90 std::system_error::system_error 27 API calls 54247->54249 54248 a4d82f __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z std::ios_base::_Tidy 54251 a4d7cc 54249->54251 54250 a4d7f7 54250->54248 54252 d17e47 SimpleUString::operator= 21 API calls 54250->54252 54251->54250 54255 a44c90 std::system_error::system_error 27 API calls 54251->54255 54253 a4d85e 54252->54253 54254 a5e8b0 21 API calls 54253->54254 54256 a4d89e 54254->54256 54255->54250 54257 a5a970 31 API calls 54256->54257 54258 a4d8ac 54257->54258 54259 a44c90 std::system_error::system_error 27 API calls 54258->54259 54260 a4d8bc 54259->54260 54261 a4da2c 54260->54261 54262 a4d8ce 54260->54262 54280 a507b0 21 API calls std::_Facet_Register 54261->54280 54269 a4da21 std::ios_base::_Tidy 54262->54269 54382 a50770 21 API calls std::_Facet_Register 54262->54382 54265 a4da43 54281 a570f0 54265->54281 54266 a4d8e4 54383 a56b40 127 API calls 6 library calls 54266->54383 54271 a4db2a std::ios_base::_Tidy 54271->54269 54384 a4ecd0 82 API calls 4 library calls 54271->54384 54272 a4f030 71 API calls 54273 a4d9ca std::ios_base::_Tidy 54272->54273 54273->54269 54273->54272 54274 a4d8fd 54274->54273 54276 a44c90 std::system_error::system_error 27 API calls 54274->54276 54275 a4da5c 54275->54271 54277 a44c90 std::system_error::system_error 27 API calls 54275->54277 54276->54273 54277->54271 54279 a4d77a GetPrivateProfileStringA 54278->54279 54279->54247 54279->54250 54280->54265 54385 a56150 54281->54385 54283 a57134 54284 a4ae70 27 API calls 54283->54284 54285 a57153 54284->54285 
54286 a4ae70 27 API calls 54285->54286 54287 a5716f 54286->54287 54288 a545a0 29 API calls 54287->54288 54289 a57195 54288->54289 54290 b0e730 16 API calls 54289->54290 54291 a571b2 54290->54291 54292 a571eb std::ios_base::_Tidy 54291->54292 54293 a57804 54291->54293 54294 a545a0 29 API calls 54292->54294 54306 a57272 std::ios_base::_Tidy __Getcvt 54292->54306 54295 d17e47 SimpleUString::operator= 21 API calls 54293->54295 54296 a5721c 54294->54296 54297 a57809 54295->54297 54300 b0e730 16 API calls 54296->54300 54301 d17e47 SimpleUString::operator= 21 API calls 54297->54301 54298 a572c9 54299 a51fe0 UnDecorator::getTemplateConstant 44 API calls 54298->54299 54309 a572c4 54299->54309 54303 a57239 54300->54303 54308 a576ee 54301->54308 54302 a572ac 54304 a51fe0 UnDecorator::getTemplateConstant 44 API calls 54302->54304 54303->54297 54303->54306 54304->54309 54305 d17e47 SimpleUString::operator= 21 API calls 54307 a57813 54305->54307 54306->54298 54306->54302 54306->54308 54310 c5020b std::system_error::system_error 23 API calls 54307->54310 54308->54305 54311 a57726 std::ios_base::_Tidy 54308->54311 54309->54308 54312 a97100 18 API calls 54309->54312 54310->54311 54314 d17e47 SimpleUString::operator= 21 API calls 54311->54314 54315 a57783 std::ios_base::_Tidy 54311->54315 54348 a5731e SimpleUString::operator= 54312->54348 54313 a577dc __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z std::ios_base::_Tidy 54313->54275 54314->54315 54315->54313 54317 d17e47 SimpleUString::operator= 21 API calls 54315->54317 54316 a576d8 54318 a95fa0 18 API calls 54316->54318 54321 a57827 54317->54321 54319 a576de 54318->54319 54320 b0bf40 15 API calls 54319->54320 54320->54308 54323 a4ae70 27 API calls 54321->54323 54322 a97e60 15 API calls 54322->54348 54324 a57893 54323->54324 54325 a4ae70 27 API calls 54324->54325 54326 a578af 54325->54326 54327 a545a0 29 API calls 54326->54327 54328 a578d5 54327->54328 54329 b0e730 
16 API calls 54328->54329 54330 a578f2 54329->54330 54332 a5792b std::ios_base::_Tidy 54330->54332 54334 a57f18 54330->54334 54331 a44c90 27 API calls std::system_error::system_error 54331->54348 54333 a545a0 29 API calls 54332->54333 54335 a579b2 std::ios_base::_Tidy __Getcvt 54332->54335 54336 a5795c 54333->54336 54337 d17e47 SimpleUString::operator= 21 API calls 54334->54337 54338 a57a09 54335->54338 54340 a579ec 54335->54340 54346 a57e02 54335->54346 54342 b0e730 16 API calls 54336->54342 54339 a57f1d 54337->54339 54341 a51fe0 UnDecorator::getTemplateConstant 44 API calls 54338->54341 54343 d17e47 SimpleUString::operator= 21 API calls 54339->54343 54344 a51fe0 UnDecorator::getTemplateConstant 44 API calls 54340->54344 54350 a57a04 54341->54350 54345 a57979 54342->54345 54343->54346 54344->54350 54345->54335 54345->54339 54347 d17e47 SimpleUString::operator= 21 API calls 54346->54347 54352 a57e3a std::ios_base::_Tidy 54346->54352 54349 a57f27 54347->54349 54348->54307 54348->54316 54348->54322 54348->54331 54365 a4b3f0 std::system_error::system_error 27 API calls 54348->54365 54367 a97cd0 15 API calls 54348->54367 54371 a97d70 15 API calls 54348->54371 54376 a97100 18 API calls 54348->54376 54406 a97950 15 API calls 54348->54406 54407 a97a50 15 API calls 54348->54407 54408 a512f0 27 API calls std::system_error::system_error 54348->54408 54409 a4ecd0 82 API calls 4 library calls 54348->54409 54351 c5020b std::system_error::system_error 23 API calls 54349->54351 54350->54346 54355 a97100 18 API calls 54350->54355 54351->54352 54353 a57e97 std::ios_base::_Tidy 54352->54353 54356 d17e47 SimpleUString::operator= 21 API calls 54352->54356 54354 a57ef0 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z std::ios_base::_Tidy 54353->54354 54358 d17e47 SimpleUString::operator= 21 API calls 54353->54358 54354->54275 54380 a57a5e SimpleUString::operator= 54355->54380 54356->54353 54357 a57dec 54360 a95fa0 18 

Control-flow Graph

[Control-flow graph 578, starting at d536bb; node legend: Executed / Not Executed]
APIs
• _free.LIBCMT ref: 00D5373D
• _free.LIBCMT ref: 00D53761
• _free.LIBCMT ref: 00D538E8
• GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00DC6560), ref: 00D538FA
• WideCharToMultiByte.KERNEL32(00000000,00000000,W. Europe Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00D53972
• WideCharToMultiByte.KERNEL32(00000000,00000000,W. Europe Summer Time,000000FF,?,0000003F,00000000,?), ref: 00D5399F
• _free.LIBCMT ref: 00D53AB4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID: W. Europe Standard Time$W. Europe Summer Time
• API String ID: 314583886-690618308
• Opcode ID: bf970b7d696616d2c92461dccd4b81017b1b21eb17bf5cb042ade61487741540
• Instruction ID: a4a9a1a4afa82292f63b824ee693985a98c2638d025b7384856d9c0e5d231b99
• Opcode Fuzzy Hash: bf970b7d696616d2c92461dccd4b81017b1b21eb17bf5cb042ade61487741540
• Instruction Fuzzy Hash: 93C127B2D00205AFDF149F79DC45AAABBA9EF45391F28419AEC80A7251D770CF09CB70
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph

[Control-flow graph 727, starting at b0e730; node legend: Executed / Not Executed]
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: %s at line %d of [%.10s]$0d1fc92f94cb6b76bffe3ec34d69cffde2924203304e8ffc4155597af0c191da$BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$main$misuse$name$rank$temp
                                                                                                                                          • API String ID: 0-1211769679
                                                                                                                                          • Opcode ID: 773e8a741f54ab8510c23fa4be46c1439c548208ce1306a94af19fa8b336eeeb
                                                                                                                                          • Instruction ID: cb27a4f03551392f5fb55894d240b0ee3c9b833fd184595751ffe8d7934eb2e6
                                                                                                                                          • Opcode Fuzzy Hash: 773e8a741f54ab8510c23fa4be46c1439c548208ce1306a94af19fa8b336eeeb
                                                                                                                                          • Instruction Fuzzy Hash: 2E02F3B0A007009FE7349F259C85B6B7BE5EF44304F04496DE86A973D2EB71E949CB52
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • GetPrivateProfileStringA.KERNEL32(User,DevID,00DD6E20,?,00000208,?), ref: 00A4D799
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: PrivateProfileString
                                                                                                                                          • String ID: DevID$User$dev_id_$dev_id_%$name
                                                                                                                                          • API String ID: 1096422788-2845820823
                                                                                                                                          • Opcode ID: 782d2d192d057da062ee4056aa2c1db34483b77140b0c7691e0bf62d74cc2218
                                                                                                                                          • Instruction ID: 0315bf5782a8afed79a432033587735efd15792d789eadd6ae279a4bb071d2a9
                                                                                                                                          • Opcode Fuzzy Hash: 782d2d192d057da062ee4056aa2c1db34483b77140b0c7691e0bf62d74cc2218
                                                                                                                                          • Instruction Fuzzy Hash: 47E10779A002149FCB21DF68CC81BBEBBB5FF85310F1546A9E455AB382D731AD45CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: %s at line %d of [%.10s]$0d1fc92f94cb6b76bffe3ec34d69cffde2924203304e8ffc4155597af0c191da$API call with %s database connection pointer$NULL$d$invalid$misuse$unopened
                                                                                                                                          • API String ID: 0-821575975
                                                                                                                                          • Opcode ID: 2a2bb389ef1bdf39c68efd792c992971e1eb7715d2e16a449f6dc53ee82b26cf
                                                                                                                                          • Instruction ID: 97704c7a00f30feb51e0ceb5820099f2e36ea9ecc8d2b3c7e6d93cfde306d3ad
                                                                                                                                          • Opcode Fuzzy Hash: 2a2bb389ef1bdf39c68efd792c992971e1eb7715d2e16a449f6dc53ee82b26cf
                                                                                                                                          • Instruction Fuzzy Hash: 67F1C070604301AFDB24DF25C8847AAB7E6BF98704F18056BE89A9B341DB31ED55CBD2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00B6CF50: InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?,?,00B6D05F,00000000,00000000,5A381189), ref: 00B6CF60
                                                                                                                                            • Part of subcall function 00B6CF50: SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,?,?,?,00B6D05F,00000000,00000000,5A381189), ref: 00B6CF74
                                                                                                                                            • Part of subcall function 00B6CF50: CreateDirectoryA.KERNELBASE(5A381189,?,?,?,?,?,00B6D05F,00000000,00000000,5A381189), ref: 00B6CF9D
                                                                                                                                          • GetLastError.KERNEL32(5A381189,?), ref: 00B6D066
                                                                                                                                          • GetLastError.KERNEL32(?,?,5A381189,?), ref: 00B6D0B9
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B6D1E2
                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?), ref: 00B6D220
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DescriptorErrorLastSecurityTime$CreateDaclDirectoryException@8FileInitializeSystemThrow
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2210267931-0
                                                                                                                                          • Opcode ID: 22449123fea39d0674bf8f95f7b0edd2f6770203528899bcdd37de42b56e3e48
                                                                                                                                          • Instruction ID: 25848c5bde1f93915941e51d6f9b100da357989007813970339bb2316ee3bda7
                                                                                                                                          • Opcode Fuzzy Hash: 22449123fea39d0674bf8f95f7b0edd2f6770203528899bcdd37de42b56e3e48
                                                                                                                                          • Instruction Fuzzy Hash: 54B19C71E00208AFDB14DFA8DC85BEEB7F9EF48700F10456AF505EB281EB75A9418B65
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00D4B266,?,?,?,?,00D4ABA8,?,00000004), ref: 00D5DBC3
                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 00D5DC53
                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 00D5DC61
                                                                                                                                            • Part of subcall function 00D5178D: GetLocaleInfoEx.KERNELBASE(?,00D4ABA8,?,00000004), ref: 00D517D1
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,00D4B266,00000000,00D4B386), ref: 00D5DD04
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorInfoLastLocale_wcschr$CodePageValid_abort_free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3632110724-0
                                                                                                                                          • Opcode ID: 3c761c3ce3bcd7f9b91df22bbc1e9c6978b89a9d62fdd7c4acb37d3f7b061e7f
                                                                                                                                          • Instruction ID: c3078512b9de9a44b1a0ef91cef5df3a384a7f041e8e0490445804057b8c624c
                                                                                                                                          • Opcode Fuzzy Hash: 3c761c3ce3bcd7f9b91df22bbc1e9c6978b89a9d62fdd7c4acb37d3f7b061e7f
                                                                                                                                          • Instruction Fuzzy Hash: 7E61C471600306AADF34EF65DC42AB673AAEF48712F19456AFD09D7281EA70E948C770
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetLocaleInfoEx.KERNELBASE(?,00D4ABA8,?,00000004), ref: 00D517D1
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00D4ABA8,?,00000004), ref: 00D517E0
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoLocale
                                                                                                                                          • String ID: GetLocaleInfoEx
                                                                                                                                          • API String ID: 2299586839-2904428671
                                                                                                                                          • Opcode ID: 0280d235d805121da4984d67017ad18b16b2550570a2990c6413c9c1d1345775
                                                                                                                                          • Instruction ID: a2552be142c7ca324c31d4e5c7962e9700499d59b0f337c426a7346296f30a16
                                                                                                                                          • Opcode Fuzzy Hash: 0280d235d805121da4984d67017ad18b16b2550570a2990c6413c9c1d1345775
                                                                                                                                          • Instruction Fuzzy Hash: CDF0C23564021CBFCF115FA19C06F6E7B60EB04721F000149BD0566250DA718D18ABB9
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?,?,00B6D05F,00000000,00000000,5A381189), ref: 00B6CF60
                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,?,?,?,00B6D05F,00000000,00000000,5A381189), ref: 00B6CF74
                                                                                                                                          • CreateDirectoryA.KERNELBASE(5A381189,?,?,?,?,?,00B6D05F,00000000,00000000,5A381189), ref: 00B6CF9D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DescriptorSecurity$CreateDaclDirectoryInitialize
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1040993115-0
                                                                                                                                          • Opcode ID: 3d4d44ab2fd6f6862bf81558fb26148e0b24fd6c0307259834936e89eb1ea471
                                                                                                                                          • Instruction ID: dc104f2fa70af8de496c523d093c630b4ae7e52fe8f2f3b9507cc479960d552a
                                                                                                                                          • Opcode Fuzzy Hash: 3d4d44ab2fd6f6862bf81558fb26148e0b24fd6c0307259834936e89eb1ea471
                                                                                                                                          • Instruction Fuzzy Hash: D2F0127090430D9EEF10CFA1DD09BDE7BFCEB04710F100155E604E6180D7B59A44CBA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetSystemInfo.KERNELBASE(?), ref: 00A410AA
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                          • Opcode ID: f55fb12565859a3deb7fc4f5a42a7e2a33ac2f5ead93e2da37fa9592e1dad41c
                                                                                                                                          • Instruction ID: 563142cfdb45525c163c2dfdd4423eedb34dc1d2f66fcd0e35a7dad71a65284b
                                                                                                                                          • Opcode Fuzzy Hash: f55fb12565859a3deb7fc4f5a42a7e2a33ac2f5ead93e2da37fa9592e1dad41c
                                                                                                                                          • Instruction Fuzzy Hash: A3C0027590430C9B8710DBA5A94945977FCB708511B400596DD19E3315E771A95487A1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000), ref: 00B31BC9
                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 00B31C1C
                                                                                                                                          • GetProcessTimes.KERNELBASE(00000000,?,?,?,?), ref: 00B31C36
                                                                                                                                          • CreateMutexA.KERNELBASE(00000000,00000000,00000000,?,?,bipc_gmap_sem_lock_,00000013,?,?,?,?,?,?,00000000), ref: 00B31D04
                                                                                                                                          • CreateSemaphoreA.KERNEL32(00000000,00000000,7FFFFFFF,00000000), ref: 00B31D74
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00B31D7D
                                                                                                                                          • CreateSemaphoreA.KERNEL32(00000000,00000000,?,00000000), ref: 00B31DDE
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00B31DE7
                                                                                                                                          • ReleaseSemaphore.KERNEL32(00000394,00000001,?,?,?,?,?,?,00000000), ref: 00B31E22
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B31EE0
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateProcessSemaphore$CurrentErrorLast$Exception@8MutexReleaseThrowTimes
                                                                                                                                          • String ID: bipc_gmap_sem_count_$bipc_gmap_sem_lock_$bipc_gmap_sem_map_
                                                                                                                                          • API String ID: 2375047344-3283485723
                                                                                                                                          • Opcode ID: b42c7b27d06b060e803f47cbe0942eab6ce3ad59d79aedcb0983eb9342691deb
                                                                                                                                          • Instruction ID: b5fdeb5b385066d9d137402e0b8a0d3bf40f44db374c0b1b078c442528b344cc
                                                                                                                                          • Opcode Fuzzy Hash: b42c7b27d06b060e803f47cbe0942eab6ce3ad59d79aedcb0983eb9342691deb
                                                                                                                                          • Instruction Fuzzy Hash: 97322671900644CFDB28DF68DD89BAEB7F5EF04310F24865CE056ABAD1D774A984CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00A5A970: RegOpenKeyExA.KERNELBASE(80000001,SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice,00000000,00020019,?,5A381189,00000000), ref: 00A5A9B4
                                                                                                                                            • Part of subcall function 00A5A970: RegQueryValueExA.KERNELBASE(?,?,00000000,00000006,00000000,?,ProgId,00000006), ref: 00A5AA00
                                                                                                                                            • Part of subcall function 00A5A970: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,00000000,?), ref: 00A5AA30
                                                                                                                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,?,?,?,5A381189), ref: 00A4E6F8
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,5A381189), ref: 00A4E703
                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,5A381189), ref: 00A4E71C
                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(User,DevID,?,?), ref: 00A4E736
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: QueryValue$AttributesCreateDirectoryErrorFileLastOpenPrivateProfileStringWrite
                                                                                                                                          • String ID: %dev_id%$6]/$6]/$6]/$DevID$User$list<T> too long$name
                                                                                                                                          • API String ID: 1808472093-4101278294
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • OpenEventLogA.ADVAPI32(00000000,System), ref: 00B318E3
                                                                                                                                          • CloseEventLog.ADVAPI32(00000000), ref: 00B3191B
                                                                                                                                          • ReadEventLogA.ADVAPI32(00000000,00000009,00000000,00000000,00010000,00000000,00000000), ref: 00B3193B
                                                                                                                                          • GetLastError.KERNEL32 ref: 00B31945
                                                                                                                                          • CloseEventLog.ADVAPI32(?), ref: 00B31A05
                                                                                                                                          • CloseEventLog.ADVAPI32(?), ref: 00B31A3C
                                                                                                                                          • GetLastError.KERNEL32 ref: 00B31A42
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B31A67
                                                                                                                                            • Part of subcall function 00D0CE2E: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFE720,?,?,00B746EE,?,?,?,00B29E45,?,00DFE720,00000000,00000001), ref: 00D0CE8E
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Event$Close$ErrorLast$DispatcherExceptionException@8OpenReadThrowUser
                                                                                                                                          • String ID: EventLog$System
                                                                                                                                          • API String ID: 2411952807-971334048
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • RegOpenKeyExA.KERNELBASE(80000001,SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice,00000000,00020019,?,5A381189,00000000), ref: 00A5A9B4
                                                                                                                                          • RegQueryValueExA.KERNELBASE(?,?,00000000,00000006,00000000,?,ProgId,00000006), ref: 00A5AA00
                                                                                                                                          • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,00000000,?), ref: 00A5AA30
                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00A5ACB6
                                                                                                                                          Similarity
                                                                                                                                          • API ID: QueryValue$CloseOpen
                                                                                                                                          • String ID: Chrome$Fire$MSEdgeHTM$ProgId$SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
                                                                                                                                          • API String ID: 1586453840-2711715256
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4E51F: CreateFileW.KERNELBASE(00000000,00000000,?,00D4EAAA,?,?,00000000,?,00D4EAAA,00000000,0000000C), ref: 00D4E53C
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D4EB15
                                                                                                                                          • __dosmaperr.LIBCMT ref: 00D4EB1C
                                                                                                                                          • GetFileType.KERNELBASE(00000000), ref: 00D4EB28
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D4EB32
                                                                                                                                          • __dosmaperr.LIBCMT ref: 00D4EB3B
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00D4EB5B
                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00D4ECA5
                                                                                                                                          • GetLastError.KERNEL32 ref: 00D4ECD7
                                                                                                                                          • __dosmaperr.LIBCMT ref: 00D4ECDE
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4237864984-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                          • _memcmp.LIBVCRUNTIME ref: 00D4BE52
                                                                                                                                          • _free.LIBCMT ref: 00D4BEC3
                                                                                                                                          • _free.LIBCMT ref: 00D4BEDC
                                                                                                                                          • _free.LIBCMT ref: 00D4BF0E
                                                                                                                                          • _free.LIBCMT ref: 00D4BF17
                                                                                                                                          • _free.LIBCMT ref: 00D4BF23
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _free$ErrorLast$_abort_memcmp
                                                                                                                                          • String ID: C
                                                                                                                                          • API String ID: 1679612858-1037565863
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00DC6560), ref: 00D538FA
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,W. Europe Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00D53972
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,W. Europe Summer Time,000000FF,?,0000003F,00000000,?), ref: 00D5399F
                                                                                                                                          • _free.LIBCMT ref: 00D538E8
                                                                                                                                            • Part of subcall function 00D4F7A3: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000), ref: 00D4F7B9
                                                                                                                                            • Part of subcall function 00D4F7A3: GetLastError.KERNEL32(00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000,00000000), ref: 00D4F7CB
                                                                                                                                          • _free.LIBCMT ref: 00D53AB4
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                          • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                          • API String ID: 1286116820-690618308
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetSystemInfo.KERNEL32(00000001,5A381189,00000001,00000000,00B7C780), ref: 00B730B9
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B7314E
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B7315D
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00B73179
                                                                                                                                          • SwitchToThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00D79D80,000000FF,?,00B732CA), ref: 00B731A9
                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00D79D80,000000FF), ref: 00B731B4
                                                                                                                                            • Part of subcall function 00B71330: SwitchToThread.KERNEL32(00000000,?,-0000001F,00000000,00000000), ref: 00B71368
                                                                                                                                            • Part of subcall function 00B71330: Sleep.KERNEL32(00000001,00000000,?,-0000001F,00000000,00000000), ref: 00B71377
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00B731D4
                                                                                                                                          • Sleep.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00D79D80,000000FF), ref: 00B731FD
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Sleep$CountSwitchThreadTickUnothrow_t@std@@@__ehfuncinfo$??2@$InfoSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2127994005-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __allrem.LIBCMT ref: 00D2FBBD
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D2FBD9
                                                                                                                                          • __allrem.LIBCMT ref: 00D2FBF0
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D2FC0E
                                                                                                                                          • __allrem.LIBCMT ref: 00D2FC25
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D2FC43
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1992179935-0
                                                                                                                                          • Opcode ID: 8d961c51c98e501c5d8f02647bde8edb3f402f1449dbe58eb267587811b0f001
                                                                                                                                          • Instruction ID: 8e6bb9fccd26ae45c58bf452519f264bbbc6decdeb7ebf17c51447e1c068e848
                                                                                                                                          • Opcode Fuzzy Hash: 8d961c51c98e501c5d8f02647bde8edb3f402f1449dbe58eb267587811b0f001
                                                                                                                                          • Instruction Fuzzy Hash: FEE10672604716ABD7209F6DE881B6EB3F8EF64328F24493AF455D7681EB70D9408B70
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00A5902E
                                                                                                                                          Strings
                                                                                                                                          • INSERT INTO cookies (creation_utc,host_key,top_frame_site_key,name,value,encrypted_value,path,expires_utc,is_secure,is_httponly,last_access_utc,has_expires,is_persistent,priority,samesite,source_scheme,source_port,is_same_party,last_update_utc) VALUES (?,?,?,?, xrefs: 00A58C85
                                                                                                                                          • \NetWork\Cookies, xrefs: 00A58A0E
                                                                                                                                          • SELECT encrypted_value FROM cookies ORDER BY creation_utc, xrefs: 00A58B7E
                                                                                                                                          • \Cookies, xrefs: 00A589F3
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                          • String ID: INSERT INTO cookies (creation_utc,host_key,top_frame_site_key,name,value,encrypted_value,path,expires_utc,is_secure,is_httponly,last_access_utc,has_expires,is_persistent,priority,samesite,source_scheme,source_port,is_same_party,last_update_utc) VALUES (?,?,?,?$SELECT encrypted_value FROM cookies ORDER BY creation_utc$\Cookies$\NetWork\Cookies
                                                                                                                                          • API String ID: 1385522511-4032873462
                                                                                                                                          • Opcode ID: d824d6a878a0097db7a3c0f605f3dd49621008b798f48b527fb027e0b5bf0d4d
                                                                                                                                          • Instruction ID: 44c410f4fb47b0c18e7b258abdbd03116b21e1d3c6289d0817f7f40a9f284915
                                                                                                                                          • Opcode Fuzzy Hash: d824d6a878a0097db7a3c0f605f3dd49621008b798f48b527fb027e0b5bf0d4d
                                                                                                                                          • Instruction Fuzzy Hash: F602FB71A002149FEF249F24CC42FAE77B6BF85701F004598F909BB291DF76AA98CB55
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __cftoe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4189289331-0
                                                                                                                                          • Opcode ID: 642f5d78dc1e2b1d5819de88a117342077d756331ada65344a10eb699abc0420
                                                                                                                                          • Instruction ID: 66380fa9da2185e00c30acc370afee4d03765e94e3d3c5d558fb130d61dd2992
                                                                                                                                          • Opcode Fuzzy Hash: 642f5d78dc1e2b1d5819de88a117342077d756331ada65344a10eb699abc0420
                                                                                                                                          • Instruction Fuzzy Hash: AB512E72900205BBDF249F68CC81FAE77A9EF4A370F284129F92596192DB35CD8186F4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00CEB952
                                                                                                                                            • Part of subcall function 00D0CE2E: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFE720,?,?,00B746EE,?,?,?,00B29E45,?,00DFE720,00000000,00000001), ref: 00D0CE8E
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00CEB96F
                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00CEB987
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00CEB996
                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00CEB99F
                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00CEB9AC
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CurrentException@8ThrowTime$CounterDispatcherExceptionFilePerformanceProcessQuerySystemThreadUser
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2758128994-0
                                                                                                                                          • Opcode ID: 59d8bea73be34c7490b2288566f74f17a828a4ace8a2b77bb8b92d2a2382e986
                                                                                                                                          • Instruction ID: bbbd062a5f754e4ce4596c179728c6518f364a71f886ac283f7998214647b7c2
                                                                                                                                          • Opcode Fuzzy Hash: 59d8bea73be34c7490b2288566f74f17a828a4ace8a2b77bb8b92d2a2382e986
                                                                                                                                          • Instruction Fuzzy Hash: D3113D34C0030DEBCF04EBB5E949AAEB7B8EF04310F518566A515E6191EB74AB44DAA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B73364
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B7337F
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B73395
                                                                                                                                          Strings
                                                                                                                                          • boost::interprocess::intermodule_singleton initialization failed, xrefs: 00B7334E
                                                                                                                                          • Boost.Interprocess: Dead reference on non-Phoenix singleton of type, xrefs: 00B73369
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                          • String ID: Boost.Interprocess: Dead reference on non-Phoenix singleton of type$boost::interprocess::intermodule_singleton initialization failed
                                                                                                                                          • API String ID: 2005118841-442782359
                                                                                                                                          • Opcode ID: e219ab295a95e6f179149e50f725b05d93c3065ef82f5e8599b3cc837b620821
                                                                                                                                          • Instruction ID: 64091e4aad4ad4e69f6222f52b690c1aab873b2b54bc56d91170417968dfd34a
                                                                                                                                          • Opcode Fuzzy Hash: e219ab295a95e6f179149e50f725b05d93c3065ef82f5e8599b3cc837b620821
                                                                                                                                          • Instruction Fuzzy Hash: 3E31D230A102189FDB21DF65C842BAEB3F5FF54B10F20456EE859E7281DB709A44DB95
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00B72560: RegOpenKeyExA.KERNELBASE(5A381189,?,00000000,5A381189,5A381189,5A381189,5A381189,5A381189,00B72769,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,Common AppData,5A381189,?), ref: 00B725BA
                                                                                                                                            • Part of subcall function 00B72560: RegQueryValueExA.KERNELBASE(?,00000000,00000000,?,00000000,?), ref: 00B725E1
                                                                                                                                            • Part of subcall function 00B72560: RegQueryValueExA.KERNELBASE(80000002,80000002,00000000,?,80000002,?,?,00000000), ref: 00B72644
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00B6D04E,00000000), ref: 00B7278F
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B727B4
                                                                                                                                          Strings
                                                                                                                                          • /boost_interprocess, xrefs: 00B72774
                                                                                                                                          • Common AppData, xrefs: 00B72755
                                                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00B7275A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: QueryValue$ErrorException@8LastOpenThrow
                                                                                                                                          • String ID: /boost_interprocess$Common AppData$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                          • API String ID: 673508161-2101553657
                                                                                                                                          • Opcode ID: a1fb4bd7a1d7bd9ddb2e532481f33ce6648c44f31197f2420fcc7eb0e1a60a07
                                                                                                                                          • Instruction ID: ed31ffbf9b39ece46c44e9da1229f78a7981447c8960d0c604c61676c381f3e0
                                                                                                                                          • Opcode Fuzzy Hash: a1fb4bd7a1d7bd9ddb2e532481f33ce6648c44f31197f2420fcc7eb0e1a60a07
                                                                                                                                          • Instruction Fuzzy Hash: 0FF0A435A90218BBCB10FBA1DC12FFE73B8EF15700F410599B91976182EF606A09C7A6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _free$AllocateHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3033488037-0
                                                                                                                                          • Opcode ID: fd22ceea427703e9571d6ca6d5e74a4a5dc736199ae59f88209f9b53abb1f69a
                                                                                                                                          • Instruction ID: 92a4c83de88a5f3904526cb3a9c8fb2689bf36ba8182e9a4ac63f19b18620ff1
                                                                                                                                          • Opcode Fuzzy Hash: fd22ceea427703e9571d6ca6d5e74a4a5dc736199ae59f88209f9b53abb1f69a
                                                                                                                                          • Instruction Fuzzy Hash: 1B51C471A00705AFDB20DF65DC81B6A77F8EF68730F18016EE849D7260E731E9418BA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • RegOpenKeyExA.KERNELBASE(5A381189,?,00000000,5A381189,5A381189,5A381189,5A381189,5A381189,00B72769,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,Common AppData,5A381189,?), ref: 00B725BA
                                                                                                                                          • RegQueryValueExA.KERNELBASE(?,00000000,00000000,?,00000000,?), ref: 00B725E1
                                                                                                                                          • RegQueryValueExA.KERNELBASE(80000002,80000002,00000000,?,80000002,?,?,00000000), ref: 00B72644
                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00B6D04E,00000000,5A381189,?), ref: 00B726AE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: QueryValue$CloseOpen
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1586453840-0
                                                                                                                                          • Opcode ID: d502a979f7ab8606fcb981f5fe22d652669f6213625a8029e16ecd85d31ea9fd
                                                                                                                                          • Instruction ID: 0cd516bf037dada03b0254adbb54baeb2295ab5df708201c7f18bec646b7043b
                                                                                                                                          • Opcode Fuzzy Hash: d502a979f7ab8606fcb981f5fe22d652669f6213625a8029e16ecd85d31ea9fd
                                                                                                                                          • Instruction Fuzzy Hash: C8517D71A00209AFDF15CF58DD80BAEB7FAFF49300F24456AE525E7290D771A941CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _strrchr
                                                                                                                                          • String ID: list<T> too long
                                                                                                                                          • API String ID: 3213747228-4027344264
                                                                                                                                          • Opcode ID: 45d89c2bdc27c604a4549ea370ff10db37ddce82f8c85401ecf65227a78498c6
                                                                                                                                          • Instruction ID: ec746e9c8e352aebdd047e559a3c90234193e1f668c6ab3a3d15388d7731903f
                                                                                                                                          • Opcode Fuzzy Hash: 45d89c2bdc27c604a4549ea370ff10db37ddce82f8c85401ecf65227a78498c6
                                                                                                                                          • Instruction Fuzzy Hash: 8E51BE71A002189FDB24DB64DC41BEAB7F8FF48304F1481A9E55997281EF75AA84CFE0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,00D5DB9B,?,00000050,?,?,?,?,?), ref: 00D5D9D5
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                          • API String ID: 0-711371036
                                                                                                                                          • Opcode ID: 791a78b0704748c58c5c14d0ed126ed0489753f1f19f84b518ad5b924530a89e
                                                                                                                                          • Instruction ID: 435c9c02378d13104af86d0448cd28cdb786f1ff8caf4d0bd8556875589de089
                                                                                                                                          • Opcode Fuzzy Hash: 791a78b0704748c58c5c14d0ed126ed0489753f1f19f84b518ad5b924530a89e
                                                                                                                                          • Instruction Fuzzy Hash: F921C162A10101A6DF349A54C901BA773ABEB95B67B1A4424ED4AD7205F732DE08CFB0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D5DAE1: IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00D4B266,?,?,?,?,00D4ABA8,?,00000004), ref: 00D5DBC3
                                                                                                                                            • Part of subcall function 00D17E64: IsProcessorFeaturePresent.KERNEL32(00000017,00D17E36,00000000,00000000,?,000000FF,00D8E550,00000016,?,?,00D17E43,00000000,00000000,00000000,00000000,00000000), ref: 00D17E66
                                                                                                                                            • Part of subcall function 00D17E64: GetCurrentProcess.KERNEL32(C0000417), ref: 00D17E88
                                                                                                                                            • Part of subcall function 00D17E64: TerminateProcess.KERNEL32(00000000), ref: 00D17E8F
                                                                                                                                            • Part of subcall function 00D440D7: RtlEnterCriticalSection.NTDLL(-00E3B4F0), ref: 00D440E6
                                                                                                                                          • _free.LIBCMT ref: 00D4B46C
                                                                                                                                            • Part of subcall function 00D4F7A3: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000), ref: 00D4F7B9
                                                                                                                                            • Part of subcall function 00D4F7A3: GetLastError.KERNEL32(00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000,00000000), ref: 00D4F7CB
                                                                                                                                          • _free.LIBCMT ref: 00D4B4C1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Process_free$CodeCriticalCurrentEnterErrorFeatureFreeHeapLastPagePresentProcessorSectionTerminateValid
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1579271482-0
                                                                                                                                          • Opcode ID: e2bd9975b7906ec4af55ce9cf69f055b1605de67e7d431123d5d348a78b82b50
                                                                                                                                          • Instruction ID: 69cec3001e6488290f59e29d07b98a9b8e784da621b603edf21793b87b8edb0f
                                                                                                                                          • Opcode Fuzzy Hash: e2bd9975b7906ec4af55ce9cf69f055b1605de67e7d431123d5d348a78b82b50
                                                                                                                                          • Instruction Fuzzy Hash: 6DB1B4319002169BDF24AF65CC81BFE73B9EF24364F0844AAED4996151EB71DE81CB70
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • _free.LIBCMT ref: 00D53A5E
                                                                                                                                          • _free.LIBCMT ref: 00D53AB4
                                                                                                                                            • Part of subcall function 00D53890: _free.LIBCMT ref: 00D538E8
                                                                                                                                            • Part of subcall function 00D53890: GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00DC6560), ref: 00D538FA
                                                                                                                                            • Part of subcall function 00D53890: WideCharToMultiByte.KERNEL32(00000000,00000000,W. Europe Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 00D53972
                                                                                                                                            • Part of subcall function 00D53890: WideCharToMultiByte.KERNEL32(00000000,00000000,W. Europe Summer Time,000000FF,?,0000003F,00000000,?), ref: 00D5399F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 314583886-0
                                                                                                                                          • Opcode ID: b5ee11dd457a3f4c8f7d2c7ad7803ea75afb399127441597aa1dac2737596ac3
                                                                                                                                          • Instruction ID: 05fe8003aebaf278a97fd2593c198b44743848a9b687ff4d63722befa707a151
                                                                                                                                          • Opcode Fuzzy Hash: b5ee11dd457a3f4c8f7d2c7ad7803ea75afb399127441597aa1dac2737596ac3
                                                                                                                                          • Instruction Fuzzy Hash: C6212973C001295BCF30A7659C85EEAB768CB91361F1503A5ECD4A31A1EA30CF8D86B0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000,00000000,00C5311F,?,00D4DCAA,00C5311F,00E1F430,0000000C), ref: 00D4DECB
                                                                                                                                          • GetLastError.KERNEL32(?,00D4DCAA,00C5311F,00E1F430,0000000C), ref: 00D4DED5
                                                                                                                                          • __dosmaperr.LIBCMT ref: 00D4DF00
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 490808831-0
                                                                                                                                          • Opcode ID: 7695ff48ecdb5e8f10afdb8164700397a13fdee91df1d677d551ea16438f6d28
                                                                                                                                          • Instruction ID: 5ca23587e8fcba967bfefd508b49f23a5b8957ac03c404ce523445209136363d
                                                                                                                                          • Opcode Fuzzy Hash: 7695ff48ecdb5e8f10afdb8164700397a13fdee91df1d677d551ea16438f6d28
                                                                                                                                          • Instruction Fuzzy Hash: EB010832A0465017DB362734BC59B7E77568B92B34F3D0229FD659F1D1DB60CC854274
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CreateThread.KERNELBASE(00BB23F0,0000000C,00D2F465,00000000,00000000,00BB23F0), ref: 00D2F784
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00C5381C,00000000,00000000,0000000C,00BAC4DF,00000000,00BB23F4,00000000), ref: 00D2F790
                                                                                                                                          • __dosmaperr.LIBCMT ref: 00D2F797
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2744730728-0
                                                                                                                                          • Opcode ID: 9d4effd95d74acea8cf36b2b986a957c7b93009707423888f4aa44dec9cca6bc
                                                                                                                                          • Instruction ID: ed9d9efca138390b0c0b3b9f8d6eb572de4d61008100ca3a9d3a67620d71a264
                                                                                                                                          • Opcode Fuzzy Hash: 9d4effd95d74acea8cf36b2b986a957c7b93009707423888f4aa44dec9cca6bc
                                                                                                                                          • Instruction Fuzzy Hash: 4801653650822AABCB11AFA1FC059AB3B79EF91324B050879F91587220DB31C8528AB0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SetFilePointerEx.KERNELBASE(00000000,00000000,00000001,00000000,00D4C89A,00000001,00000000,?,?,?,00D44048,00000000,00000000,00000001,00D4C89A), ref: 00D43EF9
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00D44048,00000000,00000000,00000001,00D4C89A,?,00D4C89A,00000001,00000000,00000000,00000001,00000000,00001000), ref: 00D43F03
                                                                                                                                          • __dosmaperr.LIBCMT ref: 00D43F0A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2336955059-0
                                                                                                                                          • Opcode ID: 56219a3c2397581c748399868c3d5038e86144472522bf2f6e12704c566f841b
                                                                                                                                          • Instruction ID: 25e129780eb2196b9708e3916970215e1881923607e96eb541632d5184547e03
                                                                                                                                          • Opcode Fuzzy Hash: 56219a3c2397581c748399868c3d5038e86144472522bf2f6e12704c566f841b
                                                                                                                                          • Instruction Fuzzy Hash: E801F532615118ABCB158FA9EC058AE7B29DF85321B280259F915972D0EB31DE418BB0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,5A381189), ref: 00A4F215
                                                                                                                                          • _strrchr.LIBCMT ref: 00A4F23D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileModuleName_strrchr
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1375183968-0
                                                                                                                                          • Opcode ID: bf98aac2984ad4c2f08f710b01505ce619c447897178393ef700ec32e3e73fed
                                                                                                                                          • Instruction ID: f1f77d871f18a82ca001d2f2aa90d77f8f484c7286a4b7191600f78902bc00ee
                                                                                                                                          • Opcode Fuzzy Hash: bf98aac2984ad4c2f08f710b01505ce619c447897178393ef700ec32e3e73fed
                                                                                                                                          • Instruction Fuzzy Hash: B6813D715006048FE72CCB38DC89BEEB7B5EF85304F1486ACE1569BAD2D775E9848B90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ___std_type_info_name.LIBVCRUNTIME ref: 00B3B770
                                                                                                                                            • Part of subcall function 00D0CD6B: ___unDName.LIBVCRUNTIME ref: 00D0CD97
                                                                                                                                          • ___std_type_info_name.LIBVCRUNTIME ref: 00B3B7CC
                                                                                                                                            • Part of subcall function 00B31880: OpenEventLogA.ADVAPI32(00000000,System), ref: 00B318E3
                                                                                                                                            • Part of subcall function 00B31880: CloseEventLog.ADVAPI32(00000000), ref: 00B3191B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Event___std_type_info_name$CloseNameOpen___un
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3858613266-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetLastError.KERNEL32(?,5A381189,5A38118A,00DD6EFC,00000001,00000000,?,?,?,?,?,?,?,?,?,5A381189), ref: 00B79B4E
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B79BB1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorException@8LastThrow
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1006195485-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetLastError.KERNEL32(00E1F080,00000010), ref: 00D2F478
                                                                                                                                          • RtlExitUserThread.NTDLL(00000000), ref: 00D2F47F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorExitLastThreadUser
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1750398979-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetSystemInfo.KERNELBASE(00E3C594,00000000,00B0AF3D,?,?,?,?,?,?,00000000), ref: 00A71601
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __wsopen_s
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3347428461-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • RtlAllocateHeap.NTDLL(00000008,00000000,00000000), ref: 00D4F6FE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F6BD: RtlAllocateHeap.NTDLL(00000008,00000000,00000000), ref: 00D4F6FE
                                                                                                                                          • _free.LIBCMT ref: 00D4AB74
                                                                                                                                            • Part of subcall function 00D4F7A3: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000), ref: 00D4F7B9
                                                                                                                                            • Part of subcall function 00D4F7A3: GetLastError.KERNEL32(00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000,00000000), ref: 00D4F7CB
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 314386986-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00D4F80F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,00D4EAAA,?,?,00000000,?,00D4EAAA,00000000,0000000C), ref: 00D4E53C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateFile
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • InternetOpenA.WININET(00E2969C,00000000,00000000,00000000,00000000), ref: 00B9B22B
                                                                                                                                          • InternetConnectA.WININET(00000000,00000000,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 00B9B257
                                                                                                                                          • HttpOpenRequestA.WININET(00000000,00DA6360,00000018,HTTP/1.1,00000000,00000000,?,00000000), ref: 00B9B2AE
                                                                                                                                          • HttpSendRequestA.WININET(?,00000030,?,00000048,?), ref: 00B9B2F3
                                                                                                                                          • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00B9B313
                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 00B9B31E
                                                                                                                                          • HttpQueryInfoA.WININET(?,20000013,00000000,?,00000000), ref: 00B9B344
                                                                                                                                          • HttpQueryInfoA.WININET(?,00000016,00000000,00000004,00000000), ref: 00B9B383
                                                                                                                                          • HttpQueryInfoA.WININET(?,00000016,00000003,00000004,00000000), ref: 00B9B3A5
                                                                                                                                          • InternetReadFile.WININET(?,00000001,00000000,00000004), ref: 00B9B3D9
                                                                                                                                          • GetLastError.KERNEL32(Send http request failed,00000018,?,?,00000000,00D7DBE8,000000FF,?,00A482CD,00000000,00000000,?,?,?,00DD6E20,00000000), ref: 00B9B436
                                                                                                                                          • InternetCloseHandle.WININET(0824548B), ref: 00B9B500
                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00B9B50C
                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00B9B515
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Internet$Http$CloseHandleInfoQuery$ErrorLastOpenRequest$ConnectFileOptionReadSend
                                                                                                                                          • String ID: GET$HTTP/1.1$POST$Send http request failed
                                                                                                                                          • API String ID: 3318242136-474784101
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • OpenMutexW.KERNEL32(001F0001,00000000,GLOBAL/{C5FD4B75-0292-4B34-9408-0B6CFB5FAE48}), ref: 00A48C44
                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000000,GLOBAL/{C5FD4B75-0292-4B34-9408-0B6CFB5FAE48}), ref: 00A48C5D
                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00A48C72
                                                                                                                                          • FindFirstFileA.KERNEL32(00000001,?,00000000), ref: 00A48C9E
                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00A48CAE
                                                                                                                                          • DeleteFileA.KERNEL32(00000001), ref: 00A48E59
                                                                                                                                          • ReleaseMutex.KERNEL32(00000000), ref: 00A48E75
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00A48E7E
                                                                                                                                          • ReleaseMutex.KERNEL32(000000FF), ref: 00A48E82
                                                                                                                                          • CloseHandle.KERNEL32(000000FF), ref: 00A48E86
                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00A48F6A
                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00A493ED
                                                                                                                                          • _strrchr.LIBCMT ref: 00A49415
                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00A49499
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Mutex$CloseFile$FindHandleInit_thread_footerRelease$CreateDeleteFirstModuleNameObjectOpenSingleWait_strrchr
                                                                                                                                          • String ID: GLOBAL/{C5FD4B75-0292-4B34-9408-0B6CFB5FAE48}$http://$https://
                                                                                                                                          • API String ID: 1341531435-1990851266
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetFileSizeEx.KERNEL32(FFFFFFFF,?,5A381189,?,00000000), ref: 00B27E00
                                                                                                                                          • GetSystemInfo.KERNEL32(00000000,FFFFFFFF,-C0000000,00000000,00000000,00000000,00000000,000000FF), ref: 00B27EDE
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B2816F
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B2819B
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B281C8
                                                                                                                                            • Part of subcall function 00B37BE0: UnmapViewOfFile.KERNEL32(?,?,00B280DA,?,?,?,00000000,FFFFFFFF,-C0000000,00000000,00000000,00000000,00000000,000000FF), ref: 00B37BED
                                                                                                                                            • Part of subcall function 00B37BE0: CloseHandle.KERNEL32(?,?,00B280DA,?,?,?,00000000,FFFFFFFF,-C0000000,00000000,00000000,00000000,00000000,000000FF), ref: 00B37C02
                                                                                                                                            • Part of subcall function 00B380A0: CloseHandle.KERNEL32(00000000,?,00B280E2,?,?,?,00000000,FFFFFFFF,-C0000000,00000000,00000000,00000000,00000000,000000FF), ref: 00B380AB
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B281F4
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B28220
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B2824A
                                                                                                                                            • Part of subcall function 00B2A350: GetFileSizeEx.KERNEL32(00000000,00DFDA24,74DF3370,00000000,?,00DFDA24,00000000,00000013,00000000,00000000,00000000,00000000,00000000,?,00DFDA24,?), ref: 00B2A36F
                                                                                                                                            • Part of subcall function 00B2A350: SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000), ref: 00B2A396
                                                                                                                                            • Part of subcall function 00B2A350: WriteFile.KERNEL32(00000000,00E39D40,?,?,00000000,00000000), ref: 00B2A3C8
                                                                                                                                            • Part of subcall function 00B1ABD0: CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00B1ACA0
                                                                                                                                            • Part of subcall function 00B1ABD0: GetLastError.KERNEL32 ref: 00B1ACAD
                                                                                                                                            • Part of subcall function 00B1ABD0: __CxxThrowException@8.LIBVCRUNTIME ref: 00B1AE87
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$File$CloseHandleSize$CreateErrorInfoLastMappingPointerSystemUnmapViewWrite
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4286134814-0
                                                                                                                                          • Opcode ID: 82729602053e4f3dc59a3fa203d797046bc2dbae5d4de4d15c08d4ae28c6f075
                                                                                                                                          • Instruction ID: 2472fe2244e5fbb7c70735961b8394b41717552545758b0e1f1136875bd304cc
                                                                                                                                          • Opcode Fuzzy Hash: 82729602053e4f3dc59a3fa203d797046bc2dbae5d4de4d15c08d4ae28c6f075
                                                                                                                                          • Instruction Fuzzy Hash: BB22A0719442299BDB24EB64DC95BEEB7B9EF14300F1041E9E50DB7281DB70AE88CF64
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: -$-x0$0000$0000$0123456789ABCDEF0123456789abcdef$Inf$NaN$VUUU$VUUU$gfff$name
                                                                                                                                          • API String ID: 0-1268102509
                                                                                                                                          • Opcode ID: 97ac15ec841fbddda9eac56ba076de48de3506d7a93a1de015a942ef95470f5b
                                                                                                                                          • Instruction ID: f216e35fdf4a56375b5578748b3898d6c8235f51aab1359b436c4973819617c0
                                                                                                                                          • Opcode Fuzzy Hash: 97ac15ec841fbddda9eac56ba076de48de3506d7a93a1de015a942ef95470f5b
                                                                                                                                          • Instruction Fuzzy Hash: E9A2C0719087818BD716CF28C45026BBBFAAFDA344F184B5EE4C69B351DB39D886C742
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00B71330: SwitchToThread.KERNEL32(00000000,?,-0000001F,00000000,00000000), ref: 00B71368
                                                                                                                                            • Part of subcall function 00B71330: Sleep.KERNEL32(00000001,00000000,?,-0000001F,00000000,00000000), ref: 00B71377
                                                                                                                                            • Part of subcall function 00B71330: SwitchToThread.KERNEL32(00000000,?,-0000001F,00000000,00000000), ref: 00B713D4
                                                                                                                                            • Part of subcall function 00B71330: Sleep.KERNEL32(00000001,00000000,?,-0000001F,00000000,00000000), ref: 00B713E3
                                                                                                                                            • Part of subcall function 00B71330: GetProcAddress.KERNEL32(00000000,00000000), ref: 00B7142A
                                                                                                                                            • Part of subcall function 00B6CFB0: CreateFileA.KERNEL32(5A38118A,?,00000007,00000002,5A381189,00000000,00000000,?,00000000,5A381189,?,00B7E3C5,?,80010000,00000003,00000000), ref: 00B6CFD7
                                                                                                                                            • Part of subcall function 00B6CFB0: GetLastError.KERNEL32(?,00B7E3C5,?,80010000,00000003,00000000,00000000,00000002,00000000,5A381189,?,5A38118A,5A381189), ref: 00B6CFE2
                                                                                                                                            • Part of subcall function 00B6CFB0: Sleep.KERNEL32(000000FA,?,00B7E3C5,?,80010000,00000003,00000000,00000000,00000002,00000000,5A381189,?,5A38118A,5A381189), ref: 00B6CFEE
                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,5A381189,?,5A38118A,5A381189), ref: 00B7E47F
                                                                                                                                            • Part of subcall function 00B71330: GetModuleHandleA.KERNEL32(00000000,?,-0000001F,00000000,00000000), ref: 00B71406
                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,5A381189,?,5A38118A,5A381189), ref: 00B7E59A
                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,5A381189,?,5A38118A,5A381189), ref: 00B7E78A
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: HandleSleep$CloseSwitchThread$AddressCreateCurrentErrorFileLastModuleProcProcess
                                                                                                                                          • String ID: 0$2$4$6$8$A$C$E
                                                                                                                                          • API String ID: 3935141006-2236359027
                                                                                                                                          • Opcode ID: de9efb7877c1918ae43c5f350259c8fc8aef65149b155ea754100028f7f7e47c
                                                                                                                                          • Instruction ID: 27addd1ce1f58dc0b056256269ae861654dece9543192fad4487833989dcfb63
                                                                                                                                          • Opcode Fuzzy Hash: de9efb7877c1918ae43c5f350259c8fc8aef65149b155ea754100028f7f7e47c
                                                                                                                                          • Instruction Fuzzy Hash: 58D16BB0D002199FDB15CFA9C885BEDBBF4FF08304F1081AAE519AB241E775AA45CF95
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,\*.*,00000004,5A38118A,?,?,5A381189,5A381189), ref: 00B6D8D6
                                                                                                                                          • FindClose.KERNEL32(?,?,?), ref: 00B6DAB6
                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 00B6DAE6
                                                                                                                                          • FindClose.KERNEL32(?), ref: 00B6DAFA
                                                                                                                                          • GetLastError.KERNEL32 ref: 00B6DB00
                                                                                                                                          • RemoveDirectoryA.KERNEL32(5A38118A), ref: 00B6DB1A
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Find$CloseFile$DirectoryErrorFirstLastNextRemove
                                                                                                                                          • String ID: .$\*.*
                                                                                                                                          • API String ID: 2672830538-3701014519
                                                                                                                                          • Opcode ID: 2216c258ac8b6fbdeb9892555d257c02ab3dac18a66737626d358e3be1df3393
                                                                                                                                          • Instruction ID: 5ef8333092d2cba56eedc09cf77a66f3960a879adcacf5148f32577476b3d9c7
                                                                                                                                          • Opcode Fuzzy Hash: 2216c258ac8b6fbdeb9892555d257c02ab3dac18a66737626d358e3be1df3393
                                                                                                                                          • Instruction Fuzzy Hash: 19C1FF71E04288DBEF25CFA8CC44BEDBBB5FF45304F144299E445A7282D7799A84CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: %s mode not allowed: %s$access$cach$cache$file$invalid uri authority: %.*s$lhos$loca$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                          • API String ID: 0-436710958
                                                                                                                                          • Opcode ID: 91ce87c0544efe04da3d5330f52830ccef832dd5a407d6be83cd548462e17a77
                                                                                                                                          • Instruction ID: 75ea578114f540314b09df52349cd05f7b784a78e6f17102fa35da23fdd36c78
                                                                                                                                          • Opcode Fuzzy Hash: 91ce87c0544efe04da3d5330f52830ccef832dd5a407d6be83cd548462e17a77
                                                                                                                                          • Instruction Fuzzy Hash: 320223715083414FEB258E24C89076ABFE2EF96318F184EDDE8B9572C2D735D849C792
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                          • String ID: DELETE * FROM cookies$DELETE * FROM cookies where %s like "%s"$UPDATE cookies set %s = "%s" where %s="%s";$UPDATE cookies set %s="%s" where %s="%s";$UPDATE moz_cookies set %s="%s" where %s="%s";$\Cookies$\NetWork\Cookies
                                                                                                                                          • API String ID: 626452242-1370235648
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ___std_exception_destroy.LIBVCRUNTIME ref: 00B38185
                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00B38208
                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00B3820F
                                                                                                                                          • CloseHandle.KERNEL32(?,5A381189,?,00DA43A8,00B746EE,000000FF,00B248BB,00DA43A8,00B29F3B), ref: 00B38239
                                                                                                                                          • CloseHandle.KERNEL32(00B746DA), ref: 00B3823E
                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00B38243
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CloseHandle$Heap$FreeProcess___std_exception_destroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2038999615-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,00D5E582,?,00000000), ref: 00D5E2FC
                                                                                                                                          • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,00D5E582,?,00000000), ref: 00D5E325
                                                                                                                                          • GetACP.KERNEL32(?,?,00D5E582,?,00000000), ref: 00D5E33A
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoLocale
                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F5C1
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5CE
                                                                                                                                          • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 00D5E543
                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 00D5E59E
                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 00D5E5AD
                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,00D4B25F,00000040,?,00D4B37F,00000055,00000000,?,?,00000055,00000000), ref: 00D5E5F5
                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00D4B2DF,00000040), ref: 00D5E614
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 745075371-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: %.4c%s%.16c$-mj%06X9%02X$MJ collide: %s$MJ delete: %s
                                                                                                                                          • API String ID: 0-4294478755
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetPrivateProfileStringA.KERNEL32(User,DevID,00DD6E20,?,00000208,?), ref: 00A4DDDD
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: PrivateProfileString
                                                                                                                                          • String ID: DevID$User
                                                                                                                                          • API String ID: 1096422788-1978582063
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B0B776
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B0B799
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B0B7B3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 885266447-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F5C1
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5CE
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D5DF3E
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D5DF8F
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D5E04F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorInfoLastLocale$_free$_abort
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2829624132-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00D17D41
                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00D17D4B
                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00D17D58
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetCurrentProcess.KERNEL32(00000002,?,00D48053,00000002,00E1F220,0000000C,00D481E4,00000002,00000002), ref: 00D4809E
                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,00D48053,00000002,00E1F220,0000000C,00D481E4,00000002,00000002), ref: 00D480A5
                                                                                                                                          • ExitProcess.KERNEL32 ref: 00D480B7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                          • String ID: %s at line %d of [%.10s]$0d1fc92f94cb6b76bffe3ec34d69cffde2924203304e8ffc4155597af0c191da$database corruption
                                                                                                                                          • API String ID: 885266447-207748945
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __allrem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2933888876-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F5C1
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5CE
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D5E18E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1663032902-0
                                                                                                                                          • Opcode ID: 9a226cb4ddc658a778c375001f5e471fb798001b094bab67356db0d912860ce8
                                                                                                                                          • Instruction ID: d51b5838f45bc820853a1ac48836e3e5545bb8f03909d0fce50e3cb32687bea0
                                                                                                                                          • Opcode Fuzzy Hash: 9a226cb4ddc658a778c375001f5e471fb798001b094bab67356db0d912860ce8
                                                                                                                                          • Instruction Fuzzy Hash: A421BD32900616ABEF28AF25DC42EBA77A8EB44312F14007AFD11D6141EB34AE48CB70
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00D5DEEA,00000001,00000000,?,00D4B25F,?,00D5E517,00000000,?,?,?), ref: 00D5DE34
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1084509184-0
                                                                                                                                          • Opcode ID: 0796af8f3ed4217486ad6508743b6a2fa08e56b7d12fab85c9e16d6f8387a989
                                                                                                                                          • Instruction ID: f48996779958686b33c8143cc74129db4f0ed366301877f62dd651c09badbf7c
                                                                                                                                          • Opcode Fuzzy Hash: 0796af8f3ed4217486ad6508743b6a2fa08e56b7d12fab85c9e16d6f8387a989
                                                                                                                                          • Instruction Fuzzy Hash: AF1106372003059FDF289F38C89257AB7A2FB9475AB19442DED868B640E371A906C760
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00D5E108,00000000,00000000,?), ref: 00D5E396
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2692324296-0
                                                                                                                                          • Opcode ID: 57284ec49aba9371ceeab071d5710008c601f6462f2e349b9305ee98cac7efba
                                                                                                                                          • Instruction ID: 5b490d9b1f08abffa3801a98fa66b904c2da45f61cb58580706e2ee9366443d8
                                                                                                                                          • Opcode Fuzzy Hash: 57284ec49aba9371ceeab071d5710008c601f6462f2e349b9305ee98cac7efba
                                                                                                                                          • Instruction Fuzzy Hash: A8F0F932A00215BBEF2CAB25C9066BA7758EB40756F090479EC59A3140EA71FE45C6B0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F5C1
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5CE
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,00D4B266,00000000,00D4B386), ref: 00D5DD04
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1663032902-0
                                                                                                                                          • Opcode ID: 153a3bccc646abbfdedc359956d0de7cff4092085f20738f4ac98d99081ea302
                                                                                                                                          • Instruction ID: 7fcbe07a3fd410a084da1967ba75aa9ada4f069cbd8d60bf82addc16f144ac51
                                                                                                                                          • Opcode Fuzzy Hash: 153a3bccc646abbfdedc359956d0de7cff4092085f20738f4ac98d99081ea302
                                                                                                                                          • Instruction Fuzzy Hash: ABF0F432A40205ABDB24AF74EC45ABA33ACDB45321F15017AFD06D7241EA34AD099770
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00D5E13A,00000001,00000000,?,00D4B25F,?,00D5E4DB,00D4B25F,?,?,?,?,?,00D4B25F,?,?), ref: 00D5DEA9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1084509184-0
                                                                                                                                          • Opcode ID: 04e2e56c30620a5a4a03db16521882de10b907ad8d11b59086793c463962b456
                                                                                                                                          • Instruction ID: a5ee3e00f353f89af20d1c9c51e5bac4701ce194d173bf965df9416871c8c34b
                                                                                                                                          • Opcode Fuzzy Hash: 04e2e56c30620a5a4a03db16521882de10b907ad8d11b59086793c463962b456
                                                                                                                                          • Instruction Fuzzy Hash: AAF0C2362007045FEF246F399C82A7A7B96EF90769F19842DFD858B650D671AC068770
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D440D7: RtlEnterCriticalSection.NTDLL(-00E3B4F0), ref: 00D440E6
                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00D50CDF,00000001,00E1F570,0000000C), ref: 00D50D75
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1272433827-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D4F562: GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                            • Part of subcall function 00D4F562: _free.LIBCMT ref: 00D4F599
                                                                                                                                            • Part of subcall function 00D4F562: SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                            • Part of subcall function 00D4F562: _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00D5DCB0,00000001,00000000,?,?,00D5E539,00D4B25F,?,?,?,?,?,00D4B25F,?,?,?), ref: 00D5DD90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1084509184-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          • Failed to open cachefile, code %d, xrefs: 00A42D69
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Failed to open cachefile, code %d
                                                                                                                                          • API String ID: 0-286090388
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 0
                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 0
                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 0
                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2005118841-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • OpenMutexW.KERNEL32(001F0001,00000000,GLOBAL/{C5FD4B75-0292-4B34-9408-0B6CFB5FAE48}), ref: 00A43BC2
                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000000,GLOBAL/{C5FD4B75-0292-4B34-9408-0B6CFB5FAE48}), ref: 00A43BD5
                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00A43BE4
                                                                                                                                          • ReleaseMutex.KERNEL32(00000000), ref: 00A43C4C
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00A43C53
                                                                                                                                          • ReleaseMutex.KERNEL32(00000000), ref: 00A43C6E
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00A43C75
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateObjectOpenSingleWait
                                                                                                                                          • String ID: Cache $Failed to open cachefile, code %d$GLOBAL/{C5FD4B75-0292-4B34-9408-0B6CFB5FAE48}$ab+$lock$unlock$wait
                                                                                                                                          • API String ID: 1514185952-1855010085
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00B1ACA0
                                                                                                                                          • GetLastError.KERNEL32 ref: 00B1ACAD
                                                                                                                                          • GetSystemInfo.KERNEL32(FFFFFFFF), ref: 00B1ACDE
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B1ACF0
                                                                                                                                          • GetLastError.KERNEL32 ref: 00B1AD30
                                                                                                                                          • MapViewOfFileEx.KERNEL32(?,FFFFFFFF,?,?,?,?,?,?,00010000,00000000), ref: 00B1AD98
                                                                                                                                          • GetLastError.KERNEL32 ref: 00B1ADA2
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B1AE87
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$File$CreateException@8InfoMappingSystemThrowUnothrow_t@std@@@View__ehfuncinfo$??2@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 185219267-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 00D5D0CD
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C2D8
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C2EA
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C2FC
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C30E
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C320
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C332
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C344
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C356
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C368
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C37A
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C38C
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C39E
                                                                                                                                            • Part of subcall function 00D5C2BB: _free.LIBCMT ref: 00D5C3B0
                                                                                                                                          • _free.LIBCMT ref: 00D5D0C2
                                                                                                                                            • Part of subcall function 00D4F7A3: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000), ref: 00D4F7B9
                                                                                                                                            • Part of subcall function 00D4F7A3: GetLastError.KERNEL32(00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000,00000000), ref: 00D4F7CB
                                                                                                                                          • _free.LIBCMT ref: 00D5D0E4
                                                                                                                                          • _free.LIBCMT ref: 00D5D0F9
                                                                                                                                          • _free.LIBCMT ref: 00D5D104
                                                                                                                                          • _free.LIBCMT ref: 00D5D126
                                                                                                                                          • _free.LIBCMT ref: 00D5D139
                                                                                                                                          • _free.LIBCMT ref: 00D5D147
                                                                                                                                          • _free.LIBCMT ref: 00D5D152
                                                                                                                                          • _free.LIBCMT ref: 00D5D18A
                                                                                                                                          • _free.LIBCMT ref: 00D5D191
                                                                                                                                          • _free.LIBCMT ref: 00D5D1AE
                                                                                                                                          • _free.LIBCMT ref: 00D5D1C6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Clients\StartMenuInternet,00000000,00020019,?,5A381189,?,?,00000000), ref: 00A547E3
                                                                                                                                          • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00A54812
                                                                                                                                          • RegEnumKeyExA.ADVAPI32(?,?,?,00000100,00000000,00000000,00000000,00000000,?,?), ref: 00A54C47
                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00A54C5B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Enum$CloseOpen
                                                                                                                                          • String ID: Fire$Google$Microsoft$SOFTWARE\Clients\StartMenuInternet$list<T> too long
                                                                                                                                          • API String ID: 1701607978-936780641
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00D65927
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00D65946
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00D65966
                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00D65A04
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00D65A20
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                          • API String ID: 459529453-1866435925
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • UnDecorator::getArgumentList.LIBVCRUNTIME ref: 00D1221F
                                                                                                                                            • Part of subcall function 00D12109: Replicator::operator[].LIBVCRUNTIME ref: 00D12175
                                                                                                                                            • Part of subcall function 00D12109: DName::operator+=.LIBVCRUNTIME ref: 00D1217D
                                                                                                                                          • DName::operator+.LIBCMT ref: 00D12276
                                                                                                                                          • DName::DName.LIBVCRUNTIME ref: 00D122BF
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                          • API String ID: 834187326-2211150622
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • UnDecorator::UScore.LIBVCRUNTIME ref: 00D12482
                                                                                                                                          • DName::DName.LIBVCRUNTIME ref: 00D1248C
                                                                                                                                            • Part of subcall function 00D10B44: DName::doPchar.LIBVCRUNTIME ref: 00D10B6B
                                                                                                                                          • UnDecorator::getScopedName.LIBVCRUNTIME ref: 00D124CB
                                                                                                                                          • DName::operator+=.LIBVCRUNTIME ref: 00D124D5
                                                                                                                                          • DName::operator+=.LIBCMT ref: 00D124E4
                                                                                                                                          • DName::operator+=.LIBCMT ref: 00D124F0
                                                                                                                                          • DName::operator+=.LIBCMT ref: 00D124FD
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                                                          • String ID: void
                                                                                                                                          • API String ID: 1480779885-3531332078
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00C50237
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00C50245
                                                                                                                                            • Part of subcall function 00D0CE2E: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFE720,?,?,00B746EE,?,?,?,00B29E45,?,00DFE720,00000000,00000001), ref: 00D0CE8E
                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00C50257
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00C50265
                                                                                                                                          • std::regex_error::regex_error.LIBCPMT ref: 00C50277
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00C50285
                                                                                                                                            • Part of subcall function 00A521C0: ___std_exception_copy.LIBVCRUNTIME ref: 00A521E8
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00C502A5
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$std::invalid_argument::invalid_argument$DispatcherExceptionUser___std_exception_copystd::regex_error::regex_error
                                                                                                                                          • String ID: bad function call
                                                                                                                                          • API String ID: 1729024431-3612616537
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll), ref: 00B1822E
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RtlWow64EnableFsRedirectionEx), ref: 00B1823E
                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 00B1824E
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,AddDllDirectory), ref: 00B1825E
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                          • String ID: AddDllDirectory$RtlWow64EnableFsRedirectionEx$kernel32$ntdll
                                                                                                                                          • API String ID: 1646373207-1220463047
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetSystemInfo.KERNEL32(?,?,?,?,00000000), ref: 00B2A6FB
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B2A797
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B2A7A6
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00B2A7C3
                                                                                                                                          • SwitchToThread.KERNEL32(?,?,?,?,00000000), ref: 00B2A806
                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,00000000), ref: 00B2A811
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00B2A835
                                                                                                                                          • Sleep.KERNEL32(00000001,?,?,?,?,00000000), ref: 00B2A862
                                                                                                                                            • Part of subcall function 00B2A440: GetSystemInfo.KERNEL32(?,00000000,00000000,00000000), ref: 00B2A4A9
                                                                                                                                            • Part of subcall function 00B2A440: GetTickCount.KERNEL32 ref: 00B2A56C
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CountTick$InfoSleepSystemUnothrow_t@std@@@__ehfuncinfo$??2@$SwitchThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4159405369-0
                                                                                                                                          • Opcode ID: 83bb40b7739056939436fa6d21c9e1df903b6976fec9877d8c327f6e6d6fbde2
                                                                                                                                          • Instruction ID: 52e4100538f6d4e4d04238dd893aca6b9c11fef4680420a6102b12c2d3501d10
                                                                                                                                          • Opcode Fuzzy Hash: 83bb40b7739056939436fa6d21c9e1df903b6976fec9877d8c327f6e6d6fbde2
                                                                                                                                          • Instruction Fuzzy Hash: DE71C775D002299FDB15DFA8E880AADB7F4FF48710F1541A9E819E7350EB319D41CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetSystemInfo.KERNEL32(?,00000000,00000000,00000000), ref: 00B2A4A9
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B2A541
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B2A550
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00B2A56C
                                                                                                                                          • SwitchToThread.KERNEL32(00000000,00000000,00000000), ref: 00B2A5A2
                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 00B2A5AD
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00B2A5D0
                                                                                                                                          • Sleep.KERNEL32(00000001), ref: 00B2A5F9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CountSleepTickUnothrow_t@std@@@__ehfuncinfo$??2@$InfoSwitchSystemThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 719126744-0
                                                                                                                                          • Opcode ID: 6f38919167e202048df2f5ab3acfa96d411ada402bcd4f2b21e73646daa270e9
                                                                                                                                          • Instruction ID: 66e83995bad622154fdaff55524096eeac9369c84f9825107b16627e8bb4ff83
                                                                                                                                          • Opcode Fuzzy Hash: 6f38919167e202048df2f5ab3acfa96d411ada402bcd4f2b21e73646daa270e9
                                                                                                                                          • Instruction Fuzzy Hash: 0C51E771E002159FDB14DFA8ED84AAEB7F4EF58310F1045A9E919E7340EB30E944CBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetSystemInfo.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00B27E15), ref: 00B8006D
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B8010A
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B80119
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00B8013C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CountInfoSystemTick
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 390054215-0
                                                                                                                                          • Opcode ID: 3f2ca18842fc5347532fbd8e3ef536b19d9d4587febecebabe61ffb54ba71365
                                                                                                                                          • Instruction ID: 669396c080ab4f6be8ad92e7dc9039e388897d9a89f5e1a8e4350e8f01bc9a04
                                                                                                                                          • Opcode Fuzzy Hash: 3f2ca18842fc5347532fbd8e3ef536b19d9d4587febecebabe61ffb54ba71365
                                                                                                                                          • Instruction Fuzzy Hash: F641A671A102059BDB54FFA4ECC5A7AB7E4EF54350F10819AE809EA256EB31D908CB61
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetConsoleCP.KERNEL32(?,00D2B499,E0830C40,?,?,?,?,?,?,00D4D2B4,00C53149,00D2B499,?,00D2B499,00D2B499,00C53149), ref: 00D4CB81
                                                                                                                                          • __fassign.LIBCMT ref: 00D4CBFC
                                                                                                                                          • __fassign.LIBCMT ref: 00D4CC17
                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00D2B499,00000001,?,00000005,00000000,00000000), ref: 00D4CC3D
                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,00D4D2B4,00000000,?,?,?,?,?,?,?,?,?,00D4D2B4,00C53149), ref: 00D4CC5C
                                                                                                                                          • WriteFile.KERNEL32(?,00C53149,00000001,00D4D2B4,00000000,?,?,?,?,?,?,?,?,?,00D4D2B4,00C53149), ref: 00D4CC95
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                          • Opcode ID: 24c74484c184654cdd727d38417cabff1d43d693e67474249b079413c4c9877f
                                                                                                                                          • Instruction ID: dc337ac8dd97c376647473ca92af2a6af7816e1df5681c49b5507c7f6e1a4acf
                                                                                                                                          • Opcode Fuzzy Hash: 24c74484c184654cdd727d38417cabff1d43d693e67474249b079413c4c9877f
                                                                                                                                          • Instruction Fuzzy Hash: 3851BFB1A102499FCB10CFA9DC85AEEBBF9FF09310F18511AE955E7291E730A941CB70
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeGetcvtRegister
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2755674607-0
                                                                                                                                          • Opcode ID: f0b8335ee49b76a21764b0da0afacf6742e9c7b62741c5d08ce47afbf03b5e21
                                                                                                                                          • Instruction ID: d712346798bb8be7176e6ac15234ede87b7a9517a5d104edf8fbc2f298cba378
                                                                                                                                          • Opcode Fuzzy Hash: f0b8335ee49b76a21764b0da0afacf6742e9c7b62741c5d08ce47afbf03b5e21
                                                                                                                                          • Instruction Fuzzy Hash: 6251E471900608DFCB10CF68D985A6AB7F4FF14311F244169EC45A7262EB31FA8ACB91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00D0FDBB
                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00D0FDC3
                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00D0FE51
                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00D0FE7C
                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00D0FED1
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                          • String ID: csm
                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                          • Opcode ID: a7dea618d1bc6d887973ca53699cf31e197a3ad2cf7394cdcbfc33622cfd78dc
                                                                                                                                          • Instruction ID: 1d401f24e62c647fadb547e34cf85199fb6195b09ecdd7a8306d9afaa0ef7691
                                                                                                                                          • Opcode Fuzzy Hash: a7dea618d1bc6d887973ca53699cf31e197a3ad2cf7394cdcbfc33622cfd78dc
                                                                                                                                          • Instruction Fuzzy Hash: F241A334A00209ABCB20DF69D844B9EBBB5EF45314F288165F918AB7A3D771D945CBB0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetFileSizeEx.KERNEL32(00000000,00DFDA24,74DF3370,00000000,?,00DFDA24,00000000,00000013,00000000,00000000,00000000,00000000,00000000,?,00DFDA24,?), ref: 00B2A36F
                                                                                                                                          • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000), ref: 00B2A396
                                                                                                                                          • WriteFile.KERNEL32(00000000,00E39D40,?,?,00000000,00000000), ref: 00B2A3C8
                                                                                                                                          • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B2A3F4
                                                                                                                                          • SetEndOfFile.KERNEL32(00000000), ref: 00B2A3FF
                                                                                                                                          • GetLastError.KERNEL32 ref: 00B2A409
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B2A42E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$Pointer$ErrorException@8LastSizeThrowWrite
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1723682822-0
                                                                                                                                          • Opcode ID: ad5b73df059e86ad01cddcf6f27fefbb90b1ef40c5ced5ae06dfc2f718b0a062
                                                                                                                                          • Instruction ID: 000f0c20c838ae49df1f55fd86080eb842e94565b2d9b63e85b8d01fdd7384d8
                                                                                                                                          • Opcode Fuzzy Hash: ad5b73df059e86ad01cddcf6f27fefbb90b1ef40c5ced5ae06dfc2f718b0a062
                                                                                                                                          • Instruction Fuzzy Hash: BA218371A40218BBDB10EB65FD89FAE77FCEF41750F11406AF519E7192DA70AC008B65
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00D5CB22: _free.LIBCMT ref: 00D5CB4B
                                                                                                                                          • _free.LIBCMT ref: 00D5CEA7
                                                                                                                                            • Part of subcall function 00D4F7A3: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000), ref: 00D4F7B9
                                                                                                                                            • Part of subcall function 00D4F7A3: GetLastError.KERNEL32(00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000,00000000), ref: 00D4F7CB
                                                                                                                                          • _free.LIBCMT ref: 00D5CEB2
                                                                                                                                          • _free.LIBCMT ref: 00D5CEBD
                                                                                                                                          • _free.LIBCMT ref: 00D5CF11
                                                                                                                                          • _free.LIBCMT ref: 00D5CF1C
                                                                                                                                          • _free.LIBCMT ref: 00D5CF27
                                                                                                                                          • _free.LIBCMT ref: 00D5CF32
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                          • Opcode ID: 722e0d65a95ab4bd4110b85d3d788af241d22b5ebd4287878ce94cb886b23853
                                                                                                                                          • Instruction ID: 91d6d7ca8971a8ad41225075b3c5b39b4f0f608e5507e70258053530f75c3758
                                                                                                                                          • Opcode Fuzzy Hash: 722e0d65a95ab4bd4110b85d3d788af241d22b5ebd4287878ce94cb886b23853
                                                                                                                                          • Instruction Fuzzy Hash: 34117232951704BFDE20BFB0CC47FCB779CDF04711F804C25BAAAAA062D629B5094672
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,00B20491,?,?,00C4FBAA,00E3A784,000000FF,?,?,00B36B0A,?,00B36C27,?,00B36BAE), ref: 00C4F7AF
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                          • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                                                          • API String ID: 1029625771-1745123996
                                                                                                                                          • Opcode ID: ef0c7592e3017f048a1ef131720b052700eb3d8532bca4abdbc84b4a09d79b9f
                                                                                                                                          • Instruction ID: 930ba43cd70b9a3e60fdac499232304d4b4f07724d381f86fd6fda7aa8710183
                                                                                                                                          • Opcode Fuzzy Hash: ef0c7592e3017f048a1ef131720b052700eb3d8532bca4abdbc84b4a09d79b9f
                                                                                                                                          • Instruction Fuzzy Hash: 4F019631640310AACA115764EC87FE93F68AF13748F080079FD41BE2E6DBD2864FD1A6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,5A381189), ref: 00A4BEFF
                                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,5A381189,00000000,00000000,00D6ED58,?,?,00000000,00000000,5A381189), ref: 00A4BF2B
                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,5A381189,?,?,00000000,5A381189), ref: 00A4BFFE
                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,5A381189,00000000,00000000,00000000,00000000,?,?,000000FF,00000000,00000000,00000000,00000000), ref: 00A4C02A
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,5A381189,?,00000000,00000000,00000000,5A381189,?,?,00000000,5A381189), ref: 00A4C0E7
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,5A381189,00000000,00000000,?,?,000000FF,00000000,00000000,5A381189,?,00000000,00000000), ref: 00A4C10F
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 626452242-0
                                                                                                                                          • Opcode ID: 7c95914fec0527041e91115120647736b8b01062cc527ef861073a7d64c71db8
                                                                                                                                          • Instruction ID: a45ee99e359090d78061a1cb49bc7e5362ac9dc05ea13df0cfb57f71f4badd95
                                                                                                                                          • Opcode Fuzzy Hash: 7c95914fec0527041e91115120647736b8b01062cc527ef861073a7d64c71db8
                                                                                                                                          • Instruction Fuzzy Hash: F7811475A01215AFEB149F68DD81BAFB7A8EF49720F100359F915EB3C1D7B0A9008BB5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00D258FF,00D258FF,?,?,?,00D54F6B,00000001,00000001,ADE85006), ref: 00D54D74
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00D54F6B,00000001,00000001,ADE85006,?,?,?), ref: 00D54DFA
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,ADE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00D54EF4
                                                                                                                                          • __freea.LIBCMT ref: 00D54F01
                                                                                                                                            • Part of subcall function 00D4F7DD: RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00D4F80F
                                                                                                                                          • __freea.LIBCMT ref: 00D54F0A
                                                                                                                                          • __freea.LIBCMT ref: 00D54F2F
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1414292761-0
                                                                                                                                          • Opcode ID: d8a7b9b53b5598707316823960fb6e583a32a86734a62d2168df894c9f52f302
                                                                                                                                          • Instruction ID: 78be1ff3286f99562648c42632e528e8d986823e15bd6814d4a5115f600878cd
                                                                                                                                          • Opcode Fuzzy Hash: d8a7b9b53b5598707316823960fb6e583a32a86734a62d2168df894c9f52f302
                                                                                                                                          • Instruction Fuzzy Hash: C551FE72600216AFDF258F68CC45EAF77A9EF8075AF190229FC09D6180EB34DC889671
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A7C108
                                                                                                                                          Strings
                                                                                                                                          • cannot open file, xrefs: 00A7C09C
                                                                                                                                          • %s at line %d of [%.10s], xrefs: 00A7C0A1
                                                                                                                                          • 0d1fc92f94cb6b76bffe3ec34d69cffde2924203304e8ffc4155597af0c191da, xrefs: 00A7C092
                                                                                                                                          • recovered %d frames from WAL file %s, xrefs: 00A7C32C
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                          • String ID: %s at line %d of [%.10s]$0d1fc92f94cb6b76bffe3ec34d69cffde2924203304e8ffc4155597af0c191da$cannot open file$recovered %d frames from WAL file %s
                                                                                                                                          • API String ID: 885266447-142891868
                                                                                                                                          • Opcode ID: e7b8136553d06335bb9c0a3236b91cdb2e47920e9993f8c0603080c702f3539b
                                                                                                                                          • Instruction ID: 99d8e2bbd79f419c40fb5dad774131da9b7a45a6c9fea5943eb1489396095c3c
                                                                                                                                          • Opcode Fuzzy Hash: e7b8136553d06335bb9c0a3236b91cdb2e47920e9993f8c0603080c702f3539b
                                                                                                                                          • Instruction Fuzzy Hash: A7D14B70A006089FDB24DFA8CC81BAEB7F5AF88314F14852DE55AEB352E771AD45CB50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00A5F0EC
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00A5F10E
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5F12E
                                                                                                                                          • __Getcvt.LIBCPMT ref: 00A5F1CD
                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00A5F204
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5F224
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcvtRegister
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3552396256-0
                                                                                                                                          • Opcode ID: f8a3a77efc67038584f66c02e93caeadb32d0cca241a4fc92351675d3950b25d
                                                                                                                                          • Instruction ID: 0374410f74462125ae13e02693be40be0c907a0f49a9bf6ac0d6ffb192f8a446
                                                                                                                                          • Opcode Fuzzy Hash: f8a3a77efc67038584f66c02e93caeadb32d0cca241a4fc92351675d3950b25d
                                                                                                                                          • Instruction Fuzzy Hash: 5941F371900608DFDB11DF55D844AAABBF4FF14310F154269ED4AAB362D730FA8ACB91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00B2AA63
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00B2AA85
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00B2AAA5
                                                                                                                                          • __Getctype.LIBCPMT ref: 00B2AB4C
                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00B2AB75
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00B2AB8D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1102183713-0
                                                                                                                                          • Opcode ID: 307eb5e16fce85cb7e4293ae455b0658c8c50fdb55552b35d99fa7d5fffff005
                                                                                                                                          • Instruction ID: 2c72f3eab4033ce38e527df2e24121df65053b81f63d927540f74ce3846678ee
                                                                                                                                          • Opcode Fuzzy Hash: 307eb5e16fce85cb7e4293ae455b0658c8c50fdb55552b35d99fa7d5fffff005
                                                                                                                                          • Instruction Fuzzy Hash: C341D471900628CFDB10CF54D989BAABBF5FF04710F1481A9E80AAB351D771AD86CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SwitchToThread.KERNEL32(00000000,?,-0000001F,00000000,00000000), ref: 00B71368
                                                                                                                                          • Sleep.KERNEL32(00000001,00000000,?,-0000001F,00000000,00000000), ref: 00B71377
                                                                                                                                          • SwitchToThread.KERNEL32(00000000,?,-0000001F,00000000,00000000), ref: 00B713D4
                                                                                                                                          • Sleep.KERNEL32(00000001,00000000,?,-0000001F,00000000,00000000), ref: 00B713E3
                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,?,-0000001F,00000000,00000000), ref: 00B71406
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00B7142A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: SleepSwitchThread$AddressHandleModuleProc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1866616949-0
                                                                                                                                          • Opcode ID: 7396dc0013ce39dd0f080e1dd41533083db2ea9c01b31431dcf0cc9c61b9a90d
                                                                                                                                          • Instruction ID: 6f1ff6722bfb57710f31b3a3e74712bc71dddfe5ca301fd55d3a76da039c2f6e
                                                                                                                                          • Opcode Fuzzy Hash: 7396dc0013ce39dd0f080e1dd41533083db2ea9c01b31431dcf0cc9c61b9a90d
                                                                                                                                          • Instruction Fuzzy Hash: 1C313B34200209EFCB04DF6DFCA96A57BF4FB46351F0144AAD919E3361E7715955CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetLastError.KERNEL32(00D6F4D0,00000000,00D18E36,00000000,00000000,?,00D4FA66,00000000,00000000,?,?,00D6F4D0), ref: 00D4F566
                                                                                                                                          • _free.LIBCMT ref: 00D4F599
                                                                                                                                          • _free.LIBCMT ref: 00D4F5C1
                                                                                                                                          • SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5CE
                                                                                                                                          • SetLastError.KERNEL32(00000000,00000000,?,?,00D6F4D0), ref: 00D4F5DA
                                                                                                                                          • _abort.LIBCMT ref: 00D4F5E0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3160817290-0
                                                                                                                                          • Opcode ID: 14582ea5909ed2d66a07978b535a72c387918a34540cdc187dd6552f781c9b7f
                                                                                                                                          • Instruction ID: 309ecff96215eb7d3052e6f33656b679200070e0d9de76b58c9b37c2d705353d
                                                                                                                                          • Opcode Fuzzy Hash: 14582ea5909ed2d66a07978b535a72c387918a34540cdc187dd6552f781c9b7f
                                                                                                                                          • Instruction Fuzzy Hash: 91F0C23A5407412BC6223F34FC0AF1B266ADFC1776B2A0036FA19E22B1EF21894641B1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • FormatMessageA.KERNEL32(00001300,00000000,?,00000400,00000000,00000000,00000000,5A381189,?,?,?,00000000), ref: 00B30679
                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000001,?,?,?,00000000), ref: 00B306A6
                                                                                                                                          • ___std_exception_copy.LIBVCRUNTIME ref: 00B307B2
                                                                                                                                          Strings
                                                                                                                                          • boost::interprocess_exception::library_error, xrefs: 00B30737
                                                                                                                                          • WinApi FormatMessage returned error, xrefs: 00B306FF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FormatFreeLocalMessage___std_exception_copy
                                                                                                                                          • String ID: WinApi FormatMessage returned error$boost::interprocess_exception::library_error
                                                                                                                                          • API String ID: 1074912651-391267213
                                                                                                                                          • Opcode ID: 3e4cac6a21a094f904188af37a0b0961234aa9986748dedd5801b668736ad0f1
                                                                                                                                          • Instruction ID: e3ec63faf895f02fa88fffa5f4cf43fe5593bccfeb9b5a8a625e0c0e475ab7f3
                                                                                                                                          • Opcode Fuzzy Hash: 3e4cac6a21a094f904188af37a0b0961234aa9986748dedd5801b668736ad0f1
                                                                                                                                          • Instruction Fuzzy Hash: 0851ED74604606EFD704DF18D995BA9BBF9FF85300F20825EE40987A81EB70B955CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00A5415D
                                                                                                                                            • Part of subcall function 00D0CE2E: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFE720,?,?,00B746EE,?,?,?,00B29E45,?,00DFE720,00000000,00000001), ref: 00D0CE8E
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00A541A2
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$DispatcherExceptionUser
                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                          • API String ID: 4200477539-1866435925
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00D480B3,00000002,?,00D48053,00000002,00E1F220,0000000C,00D481E4,00000002), ref: 00D48146
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D48159
                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00D480B3,00000002,?,00D48053,00000002,00E1F220,0000000C,00D481E4,00000002), ref: 00D4817C
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00B241D0: ___std_exception_copy.LIBVCRUNTIME ref: 00B24218
                                                                                                                                            • Part of subcall function 00B241D0: ___std_exception_destroy.LIBVCRUNTIME ref: 00B24307
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B29E6E
                                                                                                                                            • Part of subcall function 00D0CE2E: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFE720,?,?,00B746EE,?,?,?,00B29E45,?,00DFE720,00000000,00000001), ref: 00D0CE8E
                                                                                                                                            • Part of subcall function 00B24330: ___std_exception_copy.LIBVCRUNTIME ref: 00B24378
                                                                                                                                            • Part of subcall function 00B24330: ___std_exception_destroy.LIBVCRUNTIME ref: 00B24467
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B29E9E
                                                                                                                                            • Part of subcall function 00B24490: ___std_exception_copy.LIBVCRUNTIME ref: 00B244D8
                                                                                                                                            • Part of subcall function 00B24490: ___std_exception_destroy.LIBVCRUNTIME ref: 00B245D3
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B29ECE
                                                                                                                                            • Part of subcall function 00B245F0: ___std_exception_copy.LIBVCRUNTIME ref: 00B24638
                                                                                                                                            • Part of subcall function 00B245F0: ___std_exception_destroy.LIBVCRUNTIME ref: 00B24727
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B29EFE
                                                                                                                                            • Part of subcall function 00B24750: ___std_exception_copy.LIBVCRUNTIME ref: 00B247A1
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B29F2F
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw___std_exception_copy$___std_exception_destroy$DispatcherExceptionUser
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 443527693-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00B2A901
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00B2A91F
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00B2A93F
                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00B2A9F6
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00B2AA0E
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 459529453-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00B2ABE1
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00B2ABFF
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00B2AC1F
                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00B2ACD6
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00B2ACEE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 459529453-0
                                                                                                                                          • Opcode ID: 1f7a1319aca84da5c96ecdb81dc816ef4ff9030c84a7f8a7a7fe969bee3c04ae
                                                                                                                                          • Instruction ID: a8febc511a8587f511cd1ca5b410c7cebbce44cf86f68dd8d17ac8d4428ab3c3
                                                                                                                                          • Opcode Fuzzy Hash: 1f7a1319aca84da5c96ecdb81dc816ef4ff9030c84a7f8a7a7fe969bee3c04ae
                                                                                                                                          • Instruction Fuzzy Hash: ED41A371A002289FCB15DF55D884AAEBBF4FB44710F1541A9E80AAB352D730ED46CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00B2AD41
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00B2AD5F
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00B2AD7F
                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00B2AE36
                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00B2AE4E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 459529453-0
                                                                                                                                          • Opcode ID: ca5de216d1b59bf982de1dacbc04f8b12fc3ffef6c5c8d9e3732c63c46ce53b9
                                                                                                                                          • Instruction ID: b15f4c1a572aa845f46477dde49a569e9cb62bbd743ee66b31678f0a915f22bd
                                                                                                                                          • Opcode Fuzzy Hash: ca5de216d1b59bf982de1dacbc04f8b12fc3ffef6c5c8d9e3732c63c46ce53b9
                                                                                                                                          • Instruction Fuzzy Hash: 9441D471A002288FCB15DF54D884AAABBF4FF04750F2541ADE80AAB352D730ED46CBD2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,?,00D17F62,00D4F820,00000000,?,00D0CB94,?,00000000,?,?,?,00C99D86,?,?), ref: 00D4F5EB
                                                                                                                                          • _free.LIBCMT ref: 00D4F620
                                                                                                                                          • _free.LIBCMT ref: 00D4F647
                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 00D4F654
                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 00D4F65D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                          • Opcode ID: e5c4e5386e74b51a88adc786ba6926320b24ec5e0273688f340d03c08c43ee73
                                                                                                                                          • Instruction ID: 580c5b3c187ddb54b0056849c3f6991a5558c2c452f8f1018e8831fafce2f296
                                                                                                                                          • Opcode Fuzzy Hash: e5c4e5386e74b51a88adc786ba6926320b24ec5e0273688f340d03c08c43ee73
                                                                                                                                          • Instruction Fuzzy Hash: D901F4362407012BD6223B347C99E1B166EDBC17B572B0037FA19F22B2EB21C8064078
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • _free.LIBCMT ref: 00D5C7C7
                                                                                                                                            • Part of subcall function 00D4F7A3: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000), ref: 00D4F7B9
                                                                                                                                            • Part of subcall function 00D4F7A3: GetLastError.KERNEL32(00000000,?,00D5CB50,00000000,00000000,00000000,00000000,?,00D5CE72,00000000,00000007,00000000,?,00D5D221,00000000,00000000), ref: 00D4F7CB
                                                                                                                                          • _free.LIBCMT ref: 00D5C7D9
                                                                                                                                          • _free.LIBCMT ref: 00D5C7EB
                                                                                                                                          • _free.LIBCMT ref: 00D5C7FD
                                                                                                                                          • _free.LIBCMT ref: 00D5C80F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                          • Opcode ID: 1eded1805bfde127cd2de205f18696db813c02a026d5c2fc40da5cadcfad74eb
                                                                                                                                          • Instruction ID: c6f6d6d138411938105290006fbfab59af5968a8650e573fb31dae25b8ee3263
                                                                                                                                          • Opcode Fuzzy Hash: 1eded1805bfde127cd2de205f18696db813c02a026d5c2fc40da5cadcfad74eb
                                                                                                                                          • Instruction Fuzzy Hash: 96F06273A14300AF9AB0DF59E5C2C1A77D9EB44711B6D2825F818F7911CB35FD888AB0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00A522ED
                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A5233C
                                                                                                                                            • Part of subcall function 00C50C52: _Yarn.LIBCPMT ref: 00C50C71
                                                                                                                                            • Part of subcall function 00C50C52: _Yarn.LIBCPMT ref: 00C50C95
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00A5236E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw
                                                                                                                                          • String ID: bad locale name
                                                                                                                                          • API String ID: 3628047217-1405518554
                                                                                                                                          • Opcode ID: 9ab9839416804f0a1404a2efaff949afb19a5d2445df795db7f7e455f51613ee
                                                                                                                                          • Instruction ID: 0755f883c3d57619ada45f8ff8a14768225a15a6b51df1ae8fd91a4d515c90d4
                                                                                                                                          • Opcode Fuzzy Hash: 9ab9839416804f0a1404a2efaff949afb19a5d2445df795db7f7e455f51613ee
                                                                                                                                          • Instruction Fuzzy Hash: ED118E71904B849FD320CF69C805B4BBBF8EF19710F008A6EE459D3B82D775A508CBA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • RegOpenKeyA.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000), ref: 00A487A7
                                                                                                                                          • RegQueryValueExA.ADVAPI32(00000000,ProductName,00000000,?,?,?), ref: 00A487E3
                                                                                                                                          Strings
                                                                                                                                          • Software\Microsoft\Windows NT\CurrentVersion, xrefs: 00A4879D
                                                                                                                                          • ProductName, xrefs: 00A487D8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: OpenQueryValue
                                                                                                                                          • String ID: ProductName$Software\Microsoft\Windows NT\CurrentVersion
                                                                                                                                          • API String ID: 4153817207-1476356772
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Cnd_initMtx_initMtx_unlockThrd_start
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2901745279-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00B7FB00: WaitForSingleObject.KERNEL32(00000013,000000FF,00E39F98,?,?,?,00B31D48,00E39F98,00000000,00000000,bipc_gmap_sem_count_,00000014,?,?,bipc_gmap_sem_lock_,00000013), ref: 00B7FB17
                                                                                                                                            • Part of subcall function 00B7FB00: __CxxThrowException@8.LIBVCRUNTIME ref: 00B7FB71
                                                                                                                                            • Part of subcall function 00B71330: SwitchToThread.KERNEL32(00000000,?,-0000001F,00000000,00000000), ref: 00B71368
                                                                                                                                            • Part of subcall function 00B71330: Sleep.KERNEL32(00000001,00000000,?,-0000001F,00000000,00000000), ref: 00B71377
                                                                                                                                          • CloseHandle.KERNEL32(00000398), ref: 00B3EF8D
                                                                                                                                          • CloseHandle.KERNEL32(00000394), ref: 00B3EF9F
                                                                                                                                          • CloseHandle.KERNEL32(00000394), ref: 00B3EFB9
                                                                                                                                          • CloseHandle.KERNEL32(00000398), ref: 00B3EFCB
                                                                                                                                          • CloseHandle.KERNEL32(00000398), ref: 00B3EFDB
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CloseHandle$Exception@8ObjectSingleSleepSwitchThreadThrowWait
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 791262575-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • WaitForSingleObject.KERNEL32(00000013,000000FF,00E39F98,?,?,?,00B31D48,00E39F98,00000000,00000000,bipc_gmap_sem_count_,00000014,?,?,bipc_gmap_sem_lock_,00000013), ref: 00B7FB17
                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00B31D48,00E39F98,00000000,00000000,bipc_gmap_sem_count_,00000014,?,?,bipc_gmap_sem_lock_,00000013,?), ref: 00B7FB4C
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00B7FB71
                                                                                                                                            • Part of subcall function 00B7B400: ReleaseMutex.KERNEL32(00B7FB2E,?,00B7FB2E,00000013,?,?,?,00B31D48,00E39F98,00000000,00000000,bipc_gmap_sem_count_,00000014,?,?,bipc_gmap_sem_lock_), ref: 00B7B406
                                                                                                                                          • __fread_nolock.LIBCMT ref: 00B7FD10
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorException@8LastMutexObjectReleaseSingleThrowWait__fread_nolock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3614667012-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,5A381189,?,?,000000FF), ref: 00A4C2C7
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,?,?,000000FF,00000000,00000000,5A381189,?,?,000000FF), ref: 00A4C2EB
                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,000000FF,?,00000000,00000000,?), ref: 00A4C386
                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000000,00000000,00000000,00000000,?,?,000000FF,?,00000000,00000000,?), ref: 00A4C3AB
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 626452242-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _free
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • 73A24D40.GDI32(00000000,00000000,00B746DA,?,00000010,?,00000000,00B746DA,00CC0020,000000FF,?,?,00B36BAE,?,5A381189,?), ref: 00B36C64
                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00B36C6F
                                                                                                                                          • DeleteObject.GDI32(?), ref: 00B36C7D
                                                                                                                                          • DeleteDC.GDI32(?), ref: 00B36C9B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DeleteObject$Select
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 207189511-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,00DC55A0,00000000,00000000,E831FFC3,00D4ABA8,?,00000004,00000001,00DC55A0,0000007F,?,E831FFC3,00000001), ref: 00D56395
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D5641E
                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00D56430
                                                                                                                                          • __freea.LIBCMT ref: 00D56439
                                                                                                                                            • Part of subcall function 00D4F7DD: RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00D4F80F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2652629310-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 531285432-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,000000FF,00000000,00000000,?,00D51290,000000FF,00000000,00000000,00000000,?,00D51627,00000006,FlsSetValue), ref: 00D5131B
                                                                                                                                          • GetLastError.KERNEL32(?,00D51290,000000FF,00000000,00000000,00000000,?,00D51627,00000006,FlsSetValue,00DC6198,FlsSetValue,00000000,00000364,?,00D4F634), ref: 00D51327
                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00D51290,000000FF,00000000,00000000,00000000,?,00D51627,00000006,FlsSetValue,00DC6198,FlsSetValue,00000000), ref: 00D51335
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _strpbrk
                                                                                                                                          • String ID: null
                                                                                                                                          • API String ID: 3221230779-634125391
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00B2B990: std::locale::_Init.LIBCPMT ref: 00B2B9D5
                                                                                                                                          • ___std_exception_copy.LIBVCRUNTIME ref: 00B30233
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Init___std_exception_copystd::locale::_
                                                                                                                                          • String ID: <unspecified file>
                                                                                                                                          • API String ID: 2722897390-520387994
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A647E6
                                                                                                                                          • __allrem.LIBCMT ref: 00A648A3
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                          • String ID: local time unavailable
                                                                                                                                          • API String ID: 1992179935-3313036412
                                                                                                                                          • Opcode ID: 5377411460a3810cb1506cff1668f3c28618ed9798484ce9b4913c90f5bf2cae
                                                                                                                                          • Instruction ID: 5dd2f5f53f688f149eff1fadf2b16ebf8cedc461ff8d1c9ed7f48b18258c0843
                                                                                                                                          • Opcode Fuzzy Hash: 5377411460a3810cb1506cff1668f3c28618ed9798484ce9b4913c90f5bf2cae
                                                                                                                                          • Instruction Fuzzy Hash: 2751BB319087808FE321DF39C841B6AB7F5BF98314F144B1EF4D997291EB74A5848B92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ___std_exception_copy.LIBVCRUNTIME ref: 00B2F8D1
                                                                                                                                          • ___std_exception_copy.LIBVCRUNTIME ref: 00B2F94E
                                                                                                                                          Strings
                                                                                                                                          • Day of month value is out of range 1..31, xrefs: 00B2F88E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ___std_exception_copy
                                                                                                                                          • String ID: Day of month value is out of range 1..31
                                                                                                                                          • API String ID: 2659868963-1361117730
                                                                                                                                          • Opcode ID: 1695bbba8270ad1ef7d26bd92889a2d71cd35bd84135c991403737688d2d501b
                                                                                                                                          • Instruction ID: 05702c9ae3c44a312620b478a9de36d2243f23dcff3ea93d973fe1d540a8b3e3
                                                                                                                                          • Opcode Fuzzy Hash: 1695bbba8270ad1ef7d26bd92889a2d71cd35bd84135c991403737688d2d501b
                                                                                                                                          • Instruction Fuzzy Hash: E821BF71D10219AFDB14DFA8D8416DEBBF8EF0A700F10826EE454B7341E775AA848B64
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ___std_exception_copy.LIBVCRUNTIME ref: 00B2FAE1
                                                                                                                                          • ___std_exception_copy.LIBVCRUNTIME ref: 00B2FB5E
                                                                                                                                          Strings
                                                                                                                                          • Month number is out of range 1..12, xrefs: 00B2FA9E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ___std_exception_copy
                                                                                                                                          • String ID: Month number is out of range 1..12
                                                                                                                                          • API String ID: 2659868963-4198407886
                                                                                                                                          • Opcode ID: 36bacc0fe58b7ba47c13507452273d1569cd9f9fb2c813a7692de60d0c8b1645
                                                                                                                                          • Instruction ID: 01728a53eaebffc65d3506649bc3e7848d0c6fdf449164dd4073e042e280d836
                                                                                                                                          • Opcode Fuzzy Hash: 36bacc0fe58b7ba47c13507452273d1569cd9f9fb2c813a7692de60d0c8b1645
                                                                                                                                          • Instruction Fuzzy Hash: 9721D171E102199FDB14DFA8D841ADEBBF8EF0A700F10826EE045B7341E774A984CBA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,00000000,00000000,?,-00000002,name,?,?,00A57195), ref: 00A545D3
                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,00000000,00A57195,00000000,00000000,00A57195,?,?,5A381189,00000000,-00000002,00000000), ref: 00A54610
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                          • String ID: name
                                                                                                                                          • API String ID: 626452242-1579384326
                                                                                                                                          • Opcode ID: 59a56a95388faedaa04bb48e638c8e00d47274f8ba1ea4aad282b66347615f71
                                                                                                                                          • Instruction ID: 782d7b7a5bdc5bf64246e671ddda1a2ff5b60d2b69ddafa8b101384f7f175a15
                                                                                                                                          • Opcode Fuzzy Hash: 59a56a95388faedaa04bb48e638c8e00d47274f8ba1ea4aad282b66347615f71
                                                                                                                                          • Instruction Fuzzy Hash: AE212775640301BBE7249F189C02FBAB7A9EF85704F140259FD05AB6C0EBB16E0487A5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00BA496D
                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00BA497B
                                                                                                                                            • Part of subcall function 00D0CE2E: KiUserExceptionDispatcher.NTDLL(?,?,?,00DFE720,?,?,00B746EE,?,?,?,00B29E45,?,00DFE720,00000000,00000001), ref: 00D0CE8E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DispatcherExceptionException@8ThrowUserstd::invalid_argument::invalid_argument
                                                                                                                                          • String ID: @3
                                                                                                                                          • API String ID: 674140177-142348992
                                                                                                                                          • Opcode ID: 4d77b85b85da405ce274667783488e8b0ab264aa2ced9d2d42da05b5f4b5bdd5
                                                                                                                                          • Instruction ID: 2a02425666d951c872e9a33cd66f1ed2afe8faaf76ac79e5a646fe86f9854931
                                                                                                                                          • Opcode Fuzzy Hash: 4d77b85b85da405ce274667783488e8b0ab264aa2ced9d2d42da05b5f4b5bdd5
                                                                                                                                          • Instruction Fuzzy Hash: F1C0127090430D67CE04FAF9C557DCD77EC9908744B100560F500B3141D921FA4446B4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: NameName::
                                                                                                                                          • String ID: {flat}
                                                                                                                                          • API String ID: 1333004437-2606204563
                                                                                                                                          • Opcode ID: a904469fee09793571f1448fbdd425dc86d8ee0de38d77287cbed39e82e962ab
                                                                                                                                          • Instruction ID: 547ebc442cd31999210d4d5235462577784c886e5b568418bc90a80386750ca6
                                                                                                                                          • Opcode Fuzzy Hash: a904469fee09793571f1448fbdd425dc86d8ee0de38d77287cbed39e82e962ab
                                                                                                                                          • Instruction Fuzzy Hash: 00F05230504208EFDB009F98E46ABE43BE4AB41315F088045E50D4F2A2CBB89AD086A0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,00D6F4D0,00D6F4D0,00000000,00000000,00000000,?,?), ref: 00D4F92A
                                                                                                                                          • GetLastError.KERNEL32 ref: 00D4F938
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,?,00000000), ref: 00D4F993
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2922158925.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2922128764.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E29000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000E56000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922158925.0000000000EE3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922735812.0000000000EF9000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922765736.0000000000EFA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2922793827.0000000000EFB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_a40000_SecuriteInfo.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1717984340-0
                                                                                                                                          • Opcode ID: 8923b4a010af37b00f372a42374cfe9e65c12c608265132737f5938950dfad92
                                                                                                                                          • Instruction ID: 52d90da3829c6c256c931e34aa67e760546afbb43a1e3a58c57f8a126c094987
                                                                                                                                          • Opcode Fuzzy Hash: 8923b4a010af37b00f372a42374cfe9e65c12c608265132737f5938950dfad92
                                                                                                                                          • Instruction Fuzzy Hash: 02419531604246BFDB219F68D844BBE7BA5EF01364F294179F8A99B2B1DB308D41CB70
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%