Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2Dhg4Ngjrv.exe

Overview

General Information

Sample name:2Dhg4Ngjrv.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:F3E67D4AAF127901C941D470CC8AFA3C85E9106AA482FF07C8D7D0580CB087BD
Analysis ID:1430441
MD5:b93d29868056c5d30ef7e86723881967
SHA1:622ddfe987c378a944873f488ec7d55b538c3d41
SHA256:f3e67d4aaf127901c941d470cc8afa3c85e9106aa482ff07c8d7d0580cb087bd
Infos:

Detection

Score:8
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Potential time zone aware malware
Program does not show much activity (idle)
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

  • System is w10x64
  • 2Dhg4Ngjrv.exe (PID: 6688 cmdline: "C:\Users\user\Desktop\2Dhg4Ngjrv.exe" MD5: B93D29868056C5D30EF7E86723881967)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: 2Dhg4Ngjrv.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FAE50A0 SafeRWList,Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,FindNextFileW,FindClose,SafeRWList,0_2_00007FF61FAE50A0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB5BC18 Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::PushStructured,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::PushStructured,task,Concurrency::details::WorkQueue::IsStructuredEmpty,task,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindNextFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindClose,shared_ptr,Concurrency::details::WorkQueue::IsStructuredEmpty,0_2_00007FF61FB5BC18
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FAD5E74 WSARecv,WSAGetLastError,0_2_00007FF61FAD5E74
Source: 2Dhg4Ngjrv.exeString found in binary or memory: https://neutralino.js.org
Source: 2Dhg4Ngjrv.exeString found in binary or memory: https://neutralino.js.orgbad
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB582A8 OpenClipboard,Sleep,0_2_00007FF61FB582A8
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB58BA0 RegisterClipboardFormatA,Concurrency::details::_Scheduler::_Scheduler,SetClipboardData,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,GlobalAlloc,Concurrency::details::_Scheduler::_Scheduler,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,GlobalLock,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,GlobalUnlock,SetClipboardData,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,0_2_00007FF61FB58BA0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB5844C MultiByteToWideChar,GlobalLock,MultiByteToWideChar,GlobalUnlock,SetClipboardData,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,GlobalLock,GlobalUnlock,SetClipboardData,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,0_2_00007FF61FB5844C
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB596E4 RegisterClipboardFormatA,IsClipboardFormatAvailable,GetClipboardData,GlobalSize,GlobalLock,GlobalUnlock,0_2_00007FF61FB596E4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FBA8F400_2_00007FF61FBA8F40
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FBB36340_2_00007FF61FBB3634
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB3E0A40_2_00007FF61FB3E0A4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB7E0A00_2_00007FF61FB7E0A0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8DF240_2_00007FF61FB8DF24
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB9DBF40_2_00007FF61FB9DBF4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8DBA00_2_00007FF61FB8DBA0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB99A880_2_00007FF61FB99A88
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB61A380_2_00007FF61FB61A38
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB3DA300_2_00007FF61FB3DA30
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB715940_2_00007FF61FB71594
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB614D00_2_00007FF61FB614D0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB9D3B80_2_00007FF61FB9D3B8
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FBA91BC0_2_00007FF61FBA91BC
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB650C80_2_00007FF61FB650C8
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8CFD80_2_00007FF61FB8CFD8
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8CDD40_2_00007FF61FB8CDD4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8CBC80_2_00007FF61FB8CBC8
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8C9C40_2_00007FF61FB8C9C4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB708EC0_2_00007FF61FB708EC
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8C7B80_2_00007FF61FB8C7B8
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8C5B40_2_00007FF61FB8C5B4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB9C37C0_2_00007FF61FB9C37C
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB9FEF00_2_00007FF61FB9FEF0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB9B5B80_2_00007FF61FB9B5B8
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB7B2A80_2_00007FF61FB7B2A8
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8F1380_2_00007FF61FB8F138
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB9F03C0_2_00007FF61FB9F03C
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FBB2F980_2_00007FF61FBB2F98
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB8ED340_2_00007FF61FB8ED34
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FADC4F0 appears 44 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FA081F4 appears 35 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FA2A208 appears 139 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FA072F4 appears 35 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FA6F328 appears 82 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FA1FD8C appears 79 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FAD9210 appears 74 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FA075A0 appears 32 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FADC558 appears 75 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FA12F1C appears 474 times
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: String function: 00007FF61FB89030 appears 181 times
Source: classification engineClassification label: clean8.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB5A068 SHCreateMemStream,Concurrency::details::_Scheduler::_Scheduler,CoCreateInstance,CoCreateInstance,0_2_00007FF61FB5A068
Source: 2Dhg4Ngjrv.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 2Dhg4Ngjrv.exeString found in binary or memory: 0123456789abcdefABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/loadedconnectedreturnValue
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSection loaded: wintypes.dllJump to behavior
Source: 2Dhg4Ngjrv.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: 2Dhg4Ngjrv.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: 2Dhg4Ngjrv.exeStatic file information: File size 2481152 > 1048576
Source: 2Dhg4Ngjrv.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1cf400
Source: 2Dhg4Ngjrv.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: 2Dhg4Ngjrv.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB14F78 LoadLibraryA,GetProcAddress,0_2_00007FF61FB14F78
Source: 2Dhg4Ngjrv.exeStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB66FCA push rbp; iretd 0_2_00007FF61FB66FCB
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeAPI coverage: 4.2 %
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeSystem information queried: CurrentTimeZoneInformationJump to behavior
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FAE50A0 SafeRWList,Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,FindNextFileW,FindClose,SafeRWList,0_2_00007FF61FAE50A0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB5BC18 Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::PushStructured,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::PushStructured,task,Concurrency::details::WorkQueue::IsStructuredEmpty,task,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindNextFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindClose,shared_ptr,Concurrency::details::WorkQueue::IsStructuredEmpty,0_2_00007FF61FB5BC18
Source: 2Dhg4Ngjrv.exe, 00000000.00000003.2164433771.0000024BC76C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZZ
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB880D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF61FB880D4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FA02D63 LoadLibraryW,GetProcAddress,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetProcAddress,FreeLibrary,0_2_00007FF61FA02D63
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB14F78 LoadLibraryA,GetProcAddress,0_2_00007FF61FB14F78
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB55BF4 GetProcessHeap,HeapAlloc,CreateFileW,CreateIoCompletionPort,CloseHandle,GetProcessHeap,HeapFree,0_2_00007FF61FB55BF4
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB81B18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF61FB81B18
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB880D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF61FB880D4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: EnumSystemLocalesW,0_2_00007FF61FBA2058
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: GetLocaleInfoEx,0_2_00007FF61FB80FCC
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF61FBB07A0
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF61FBB05BC
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: EnumSystemLocalesW,0_2_00007FF61FBB0184
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: EnumSystemLocalesW,0_2_00007FF61FBB00B4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF61FBAFD58
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_00007FF61FB5F584
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB899FC GetSystemTimeAsFileTime,0_2_00007FF61FB899FC
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FBA8F40 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF61FBA8F40
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FB3D940 RtlGetVersion,0_2_00007FF61FB3D940
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FAC3EC4 listen,0_2_00007FF61FAC3EC4
Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exeCode function: 0_2_00007FF61FA7FAB0 bind,0_2_00007FF61FA7FAB0

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
DLL Side-Loading		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		OS Credential Dumping12
System Time Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Native API		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
Obfuscated Files or Information		LSASS Memory31
Security Software Discovery		Remote Desktop Protocol3
Clipboard Data		1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
DLL Side-Loading		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS13
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
2Dhg4Ngjrv.exe0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://neutralino.js.org0%Avira URL Cloudsafe
https://neutralino.js.orgbad0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://neutralino.js.org2Dhg4Ngjrv.exefalse
  • Avira URL Cloud: safe
unknown
https://neutralino.js.orgbad2Dhg4Ngjrv.exefalse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430441
Start date and time:2024-04-23 16:51:33 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 9s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:2Dhg4Ngjrv.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:F3E67D4AAF127901C941D470CC8AFA3C85E9106AA482FF07C8D7D0580CB087BD
Detection:CLEAN
Classification:clean8.winEXE@1/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 86%
  • Number of executed functions: 45
  • Number of non-executed functions: 295
Cookbook Comments:
  • Stop behavior analysis, all processes terminated

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded domains from analysis (whitelisted): client.wns.windows.com
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • VT rate limit hit for: 2Dhg4Ngjrv.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

\Device\Null

Download File
Process:C:\Users\user\Desktop\2Dhg4Ngjrv.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):257
Entropy (8bit):5.160973988182377
Encrypted:false
SSDEEP:6:ha3cmaYD1n/3bL8mWpV3Ly0Oa39V5nkk5KpRye:hO71PvQ5LWQSpRV
MD5:1E9B4B1AFFFE9E42BE89E02D15239E16
SHA1:F9655333C681148B33A5F573187232A529BFB39B
SHA-256:3B350B5ED2E0867EFF9CAEB9586D9CF0542EC7B09BAF2C721771C3002246CF57
SHA-512:183C4BDC47883A77B21654C0C8E693B8DAB66718B5FE5DE2EBF8D2ADD4C407B16B3D4C6324CFDFBAB4B129A2BCAFC657655272EA11D01A0E587313EE5457B23A
Malicious:false
Reputation:low
Preview:2024-04-23 16:52:24,632 ERROR [default] NE_RS_TREEGER: Resource file tree generation error. C:/Users/user/Desktop/resources.neu is missing...2024-04-23 16:52:24,648 ERROR [default] NE_CF_UNBLDCF: Unable to load the config file: /neutralino.config.json..

Static File Info

General

File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):6.061123988631966
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:2Dhg4Ngjrv.exe
File size:2'481'152 bytes
MD5:b93d29868056c5d30ef7e86723881967
SHA1:622ddfe987c378a944873f488ec7d55b538c3d41
SHA256:f3e67d4aaf127901c941d470cc8afa3c85e9106aa482ff07c8d7d0580cb087bd
SHA512:40d137a65fc6b99cbf1f434ba96007954ecbdeca31e2fd25fb09ae7db3fddce3000a4ae5cd7b77449f46131d0f2e1454e6c24a5d9ec93ab069433076132a4074
SSDEEP:24576:VYNyMBJYC0kGy0RHcbnruBh3C/YPsql16IWOOM9WqTa17o2br7BHLSZ:V+rLp0aWHYavoQsi1xWPMXa5/37B
TLSH:8BB5E85BEABA52E1D5BAD034C543752FFC7034AA81306713AB929B171B27770E93EB40
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y5.[.[.[.[.[.[..`X.V.[..`^...[.R`..Y.[..d_.I.[..d^.<.[..dX.W.[..`_.L.[..`Z.F.[.[.Z...[.[.[.].[..e^...[..eY.Z.[.Rich[.[........

File Icon

Icon Hash:00928e8e8686b000

Static PE Info

General

Entrypoint:0x1401821cc
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x650AD81E [Wed Sep 20 11:31:42 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:7cef45311340e3fa4dd2b02e42c276ff

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F7F9D4AF54Ch
dec eax
add esp, 28h
jmp 00007F7F9D4AF12Fh
int3
int3
dec eax
sub esp, 48h
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F7F9D341D73h
dec eax
lea edx, dword ptr [000A368Bh]
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F7F9D4B04C6h
int3
mov eax, 00000001h
ret
int3
int3
xor eax, eax
cmp dword ptr [000B6E68h], eax
setne al
ret
and dword ptr [000B5FB9h], 00000000h
ret
dec eax
mov dword ptr [esp+08h], ebx
push ebp
dec eax
lea ebp, dword ptr [esp-000004C0h]
dec eax
sub esp, 000005C0h
mov ebx, ecx
mov ecx, 00000017h
call dword ptr [0004F2EAh]
test eax, eax
je 00007F7F9D4AF2B6h
mov ecx, ebx
int 29h
mov ecx, 00000003h
call 00007F7F9D4AF279h
xor edx, edx
dec eax
lea ecx, dword ptr [ebp-10h]
inc ecx
mov eax, 000004D0h
call 00007F7F9D4AFFA4h
dec eax
lea ecx, dword ptr [ebp-10h]
call dword ptr [0004F32Dh]
dec eax
mov ebx, dword ptr [ebp+000000E8h]
dec eax
lea edx, dword ptr [ebp+000004D8h]
dec eax
mov ecx, ebx
inc ebp
xor eax, eax
call dword ptr [0004F31Bh]
dec eax
test eax, eax
je 00007F7F9D4AF2EEh
dec eax
and dword ptr [esp+38h], 00000000h
dec eax
lea ecx, dword ptr [ebp+000000E0h]

Rich Headers

Programming Language:
  • [IMP] VS2008 SP1 build 30729

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x2269780x140.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x23a0000x27720.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0x2630000x20b4.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x1f83e00x1c.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x1f84000x28.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1f82a00x140.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x1d10000xa68.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x1cf38c0x1cf40071ec37de8078aa310e06fee5d4ab1371False0.3481105386535348data5.825346310502059IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata0x1d10000x57c500x57e001792a38e83fdb30dd4cacfc792045e1fFalse0.3775726795874822data5.34211490194566IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data0x2290000x1007c0xca00f24267d4e889e39949966ce59f095281False0.1357711943069307dBase III DBT, next free block index 1075652846, 1st item "`M\036@\001"4.791789423843904IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata0x23a0000x277200x2780024e3fdd6c0b61825fb89f4199df685b7False0.42398882515822783Novell LANalyzer capture file6.120808837638137IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA0x2620000x15c0x2003b6183099093a03479ddfa7cf9d1cae0False0.404296875data3.330100609041145IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc0x2630000x20b40x2200ecb74fd81595ffe5336fc43f6911f1fcFalse0.3259420955882353data5.4098379788491355IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLLImport
GDI32.dllGetDeviceCaps
VERSION.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
ole32.dllCoWaitForMultipleHandles, CoInitializeEx, CoUninitialize, CoInitializeSecurity, CoSetProxyBlanket, CreateStreamOnHGlobal, GetHGlobalFromStream, CoCreateFreeThreadedMarshaler, CoInitialize, CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance
OLEAUT32.dllSetErrorInfo, GetErrorInfo, SysFreeString, SysAllocString, VariantClear, SysStringLen
ntdll.dllRtlUnwind, RtlUnwindEx, RtlGetVersion, VerSetConditionMask
dwmapi.dllDwmSetWindowAttribute
WS2_32.dllWSAAddressToStringW, WSAStringToAddressW, WSASocketW, WSASend, WSARecv, WSAStartup, WSACleanup, bind, closesocket, WSAGetLastError, WSASetLastError, shutdown, setsockopt, ntohs, ntohl, listen, htons, htonl, getsockopt, getsockname, getpeername, ioctlsocket
MSWSOCK.dllGetAcceptExSockaddrs, AcceptEx
KERNEL32.dllGetConsoleOutputCP, FlushFileBuffers, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, SetCurrentDirectoryW, SetEnvironmentVariableW, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeW, FreeLibraryAndExitThread, ExitThread, CreateThread, GetCommandLineW, GetCommandLineA, WriteConsoleW, GetFileType, GetStdHandle, InterlockedPushEntrySList, SetFilePointerEx, ReadConsoleW, GetTimeZoneInformation, GetFullPathNameW, SetStdHandle, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCurrentThreadId, GetSystemDirectoryA, FreeLibrary, LoadLibraryA, VerifyVersionInfoW, CreateActCtxA, ActivateActCtx, DeactivateActCtx, MultiByteToWideChar, WideCharToMultiByte, GetLastError, PostQueuedCompletionStatus, EnterCriticalSection, LeaveCriticalSection, TlsAlloc, TlsFree, LocalFree, FormatMessageA, CloseHandle, SetLastError, CreateIoCompletionPort, GetQueuedCompletionStatus, CancelIoEx, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, SetEvent, WaitForSingleObject, SleepEx, CreateEventW, SetWaitableTimer, WaitForMultipleObjects, CreateWaitableTimerW, QueueUserAPC, TerminateThread, TlsGetValue, TlsSetValue, GetModuleHandleA, GetProcAddress, GetCurrentProcessId, TerminateProcess, OpenProcess, GetCurrentDirectoryW, CreateDirectoryW, CreateFileW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetFileSizeEx, RemoveDirectoryW, DecodePointer, HeapAlloc, HeapReAlloc, HeapFree, SetEndOfFile, GetProcessHeap, InitializeCriticalSectionEx, CopyFileW, MoveFileW, GetFileInformationByHandleEx, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetFileAttributesW, GetModuleHandleW, EnumResourceNamesW, SetFileAttributesA, ExitProcess, GetModuleFileNameA, LoadLibraryExW, GetEnvironmentVariableA, GetFileAttributesA, GetSystemTimeAsFileTime, GetNativeSystemInfo, QueryPerformanceFrequency, GetLogicalProcessorInformation, GlobalMemoryStatusEx, ReadDirectoryChangesW, ReadFile, WriteFile, SetHandleInformation, CreatePipe, GetExitCodeProcess, CreateProcessW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, Sleep, GlobalAlloc, GlobalSize, GlobalUnlock, GlobalLock, GlobalFree, GetDriveTypeA, InitializeCriticalSection, GetModuleFileNameW, OutputDebugStringA, OutputDebugStringW, LoadLibraryW, GetEnvironmentVariableW, RtlPcToFileHeader, RaiseException, QueryPerformanceCounter, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableSRW, InitOnceBeginInitialize, InitOnceComplete, FreeLibraryWhenCallbackReturns, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolWork, GetModuleHandleExW, IsProcessorFeaturePresent, WaitForSingleObjectEx, GetExitCodeThread, GetLocaleInfoEx, GetStringTypeW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, EncodePointer, CompareStringEx, GetCPInfo, LCMapStringEx, ResetEvent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsDebuggerPresent, GetStartupInfoW, InitializeSListHead, GetConsoleMode, HeapSize, FormatMessageW
USER32.dllRegisterClassExW, CreateWindowExW, DestroyWindow, ShowWindow, MoveWindow, SetWindowPos, IsWindowVisible, IsZoomed, GetSystemMetrics, TrackPopupMenu, GetMenuItemInfoW, SetForegroundWindow, SetWindowTextW, GetWindowTextW, GetWindowTextLengthW, GetClientRect, GetWindowRect, GetWindowLongW, SetWindowLongW, GetWindowLongPtrW, SetWindowLongPtrW, GetDesktopWindow, LoadImageW, MonitorFromWindow, GetMonitorInfoW, GetRawInputDeviceList, GetDC, PostQuitMessage, EnumDisplayDevicesW, EnumDisplayMonitors, OpenClipboard, CloseClipboard, SetClipboardData, GetClipboardData, RegisterClipboardFormatA, RegisterClipboardFormatW, EmptyClipboard, IsClipboardFormatAvailable, PeekMessageW, TranslateMessage, LoadIconW, FindWindowW, GetForegroundWindow, UpdateWindow, GetActiveWindow, MessageBoxW, EnumWindows, GetWindowThreadProcessId, GetCursorPos, InsertMenuItemW, InsertMenuW, DestroyMenu, CreatePopupMenu, SendMessageW, DefWindowProcW, PostThreadMessageW, GetMessageW, DestroyIcon, EnumDisplaySettingsW, DispatchMessageW
ADVAPI32.dllRegOpenKeyExA, RegQueryValueExA, RegGetValueW, EventRegister, EventSetInformation, EventWriteTransfer, EventUnregister, RegOpenKeyExW, RegQueryValueExW, RegCloseKey
SHELL32.dllShellExecuteW, SHGetPathFromIDListW, Shell_NotifyIconW, SHBrowseForFolderW, SHGetKnownFolderPath
SHLWAPI.dllPathRemoveFileSpecW, PathFindFileNameA
gdiplus.dllGdipDisposeImage, GdipCloneImage, GdipFree, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHICONFromBitmap, GdipAlloc, GdiplusStartup, GdiplusShutdown
api-ms-win-core-com-l1-1-0.dllCoGetApartmentType, CoGetObjectContext

Network Behavior

No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

General

Target ID:0
Start time:16:52:24
Start date:23/04/2024
Path:C:\Users\user\Desktop\2Dhg4Ngjrv.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\2Dhg4Ngjrv.exe"
Imagebase:0x7ff61fa00000
File size:2'481'152 bytes
MD5 hash:B93D29868056C5D30EF7E86723881967
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Disassembly

Reset < >

    Execution Graph

    Execution Coverage:2.9%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:0.1%
    Total number of Nodes:1275
    Total number of Limit Nodes:85
    execution_graph 113239 7ff61fa03414 113244 7ff61fb81624 113239->113244 113252 7ff61fb815e8 113244->113252 113246 7ff61fa03424 113247 7ff61fa36ab0 113246->113247 113257 7ff61fa380d4 113247->113257 113250 7ff61fa03432 113253 7ff61fb81602 113252->113253 113255 7ff61fb815fb shared_ptr 113252->113255 113256 7ff61fb9f388 16 API calls shared_ptr 113253->113256 113255->113246 113256->113255 113258 7ff61fa38161 113257->113258 113259 7ff61fa38115 WSAStartup 113257->113259 113263 7ff61fb819e0 113258->113263 113259->113258 113262 7ff61fa38224 25 API calls 2 library calls 113262->113250 113264 7ff61fb819e9 113263->113264 113265 7ff61fa36ace 113264->113265 113266 7ff61fb81b4c IsProcessorFeaturePresent 113264->113266 113265->113250 113265->113262 113267 7ff61fb81b64 113266->113267 113272 7ff61fb81d40 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 113267->113272 113269 7ff61fb81b77 113273 7ff61fb81b18 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 113269->113273 113272->113269 113274 7ff61fa031c4 113289 7ff61fb813a8 113274->113289 113277 7ff61fa0327b 113334 7ff61fa35ed4 4 API calls 3 library calls 113277->113334 113278 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113280 7ff61fa031fa 113278->113280 113282 7ff61fa03207 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 113280->113282 113283 7ff61fa03226 113280->113283 113281 7ff61fa032a6 113284 7ff61fb81624 shared_ptr 16 API calls 113281->113284 113282->113283 113295 7ff61fa35e24 _Ptr_base 113283->113295 113286 7ff61fa032cd 113284->113286 113287 7ff61fa03248 113299 7ff61fb20b08 113287->113299 113290 7ff61fb813b3 113289->113290 113291 7ff61fa031df 113290->113291 113292 7ff61fb813de Concurrency::cancel_current_task 113290->113292 113335 7ff61fb5da74 RtlPcToFileHeader RaiseException std::bad_alloc::bad_alloc Concurrency::cancel_current_task 113290->113335 113291->113277 113291->113278 113296 7ff61fa35e4b Concurrency::details::_Scheduler::_Scheduler 113295->113296 113297 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113296->113297 113298 7ff61fa35e56 _Ptr_base 113297->113298 113298->113287 113300 7ff61fb20b40 SafeRWList 113299->113300 113336 7ff61fb2effc shared_ptr 113300->113336 113302 7ff61fb20b4d 113303 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113302->113303 113304 7ff61fb20b6a 113303->113304 113305 7ff61fb20b8f 113304->113305 113397 7ff61fb2efa8 shared_ptr Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 113304->113397 113307 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113305->113307 113308 7ff61fb20bc4 113307->113308 113309 7ff61fb20be3 113308->113309 113337 7ff61fb1fc8c 113308->113337 113311 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113309->113311 113312 7ff61fb20c27 113311->113312 113313 7ff61fb20c4f 113312->113313 113398 7ff61fb202bc shared_ptr SafeRWList Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 113312->113398 113352 7ff61fb2ec44 113313->113352 113318 7ff61fb20cb3 shared_ptr 113319 7ff61fb20d0f shared_ptr shared_ptr 113318->113319 113358 7ff61fa12f1c 113319->113358 113323 7ff61fb20d98 113324 7ff61fa12f1c _Mpunct 20 API calls 113323->113324 113325 7ff61fb20dce 113324->113325 113326 7ff61fb1fd68 155 API calls 113325->113326 113327 7ff61fb20de7 113326->113327 113328 7ff61fa12f1c _Mpunct 20 API calls 113327->113328 113329 7ff61fb20e1b 113328->113329 113399 7ff61fb2cb88 27 API calls 113329->113399 113331 7ff61fb20e48 113332 7ff61fb819e0 codecvt 8 API calls 113331->113332 113333 7ff61fb20e6f 113332->113333 113333->113277 113334->113281 113336->113302 113400 7ff61fb2dc18 113337->113400 113341 7ff61fb1fcd1 113405 7ff61fb1add4 113341->113405 113343 7ff61fb1fce3 113408 7ff61fa1393c _Ptr_base 113343->113408 113345 7ff61fb1fd00 113409 7ff61fb1b38c 113345->113409 113349 7ff61fb1fd30 113469 7ff61fa173a0 _Ptr_base SafeRWList type_info::_name_internal_method 113349->113469 113351 7ff61fb1fd4d 113351->113309 113353 7ff61fb2ec6d shared_ptr 113352->113353 113571 7ff61fb191f8 113353->113571 113355 7ff61fb20c8e 113356 7ff61fb26d70 UnDecorator::getCallIndex 113355->113356 113357 7ff61fb26d93 SafeRWList 113356->113357 113357->113318 113359 7ff61fa12f42 SafeRWList shared_ptr char_traits 113358->113359 113598 7ff61fa086dc 113359->113598 113361 7ff61fa12f67 113362 7ff61fb1fd68 113361->113362 113363 7ff61fb1fda6 _mbsnset 113362->113363 113364 7ff61fb1fe08 113363->113364 113365 7ff61fb1ff55 113363->113365 113368 7ff61fb1fefa ISource _CallMemberFunction0 113363->113368 113364->113368 113623 7ff61fa8fed8 113364->113623 113369 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113365->113369 113366 7ff61fb819e0 codecvt 8 API calls 113367 7ff61fb20182 113366->113367 113367->113323 113368->113366 113371 7ff61fb1ff5f 113369->113371 113373 7ff61fb1ffdb 113371->113373 113375 7ff61fa13960 shared_ptr _Ptr_base 113371->113375 113372 7ff61fb1fe27 113627 7ff61fa6f328 2 API calls 5 library calls 113372->113627 113636 7ff61fa173f0 113373->113636 113377 7ff61fb1ff9a 113375->113377 113376 7ff61fb1fe3f 113628 7ff61fa6ee58 RtlPcToFileHeader RaiseException Concurrency::details::WorkQueue::IsStructuredEmpty _Receive_impl 113376->113628 113606 7ff61fb1f2a8 113377->113606 113381 7ff61fb20025 6 library calls 113381->113368 113639 7ff61fb26c84 113381->113639 113382 7ff61fb1fe4f 113629 7ff61fa6f328 2 API calls 5 library calls 113382->113629 113384 7ff61fb1fe5e 113630 7ff61fa6f328 2 API calls 5 library calls 113384->113630 113386 7ff61fb1fe71 113631 7ff61fa9b478 30 API calls 5 library calls 113386->113631 113388 7ff61fb1fe85 113632 7ff61fa6f328 2 API calls 5 library calls 113388->113632 113390 7ff61fb1fe94 113633 7ff61fa6f328 2 API calls 5 library calls 113390->113633 113392 7ff61fb1fea3 113634 7ff61fa6ee58 RtlPcToFileHeader RaiseException Concurrency::details::WorkQueue::IsStructuredEmpty _Receive_impl 113392->113634 113395 7ff61fb1feeb 113635 7ff61fa6f328 2 API calls 5 library calls 113395->113635 113397->113305 113398->113313 113399->113331 113470 7ff61fb2db68 113400->113470 113402 7ff61fb1fca4 113403 7ff61fa13960 _Ptr_base 113402->113403 113404 7ff61fa13987 shared_ptr 113403->113404 113404->113341 113474 7ff61fb2dc44 113405->113474 113407 7ff61fb1ade7 shared_ptr 113407->113343 113408->113345 113410 7ff61fa12f1c _Mpunct 20 API calls 113409->113410 113411 7ff61fb1b3be 113410->113411 113481 7ff61fb1d0a4 113411->113481 113413 7ff61fb1b3e7 113414 7ff61fa12f1c _Mpunct 20 API calls 113413->113414 113415 7ff61fb1b409 113414->113415 113416 7ff61fb1d0a4 _mbsnset 58 API calls 113415->113416 113417 7ff61fb1b432 113416->113417 113418 7ff61fa12f1c _Mpunct 20 API calls 113417->113418 113419 7ff61fb1b454 113418->113419 113420 7ff61fb1d0a4 _mbsnset 58 API calls 113419->113420 113421 7ff61fb1b47d 113420->113421 113422 7ff61fa12f1c _Mpunct 20 API calls 113421->113422 113423 7ff61fb1b49f 113422->113423 113424 7ff61fb1d0a4 _mbsnset 58 API calls 113423->113424 113425 7ff61fb1b4c8 113424->113425 113426 7ff61fa12f1c _Mpunct 20 API calls 113425->113426 113427 7ff61fb1b4ea 113426->113427 113428 7ff61fb1d0a4 _mbsnset 58 API calls 113427->113428 113429 7ff61fb1b513 113428->113429 113430 7ff61fa12f1c _Mpunct 20 API calls 113429->113430 113431 7ff61fb1b535 113430->113431 113432 7ff61fb1d0a4 _mbsnset 58 API calls 113431->113432 113433 7ff61fb1b55e 113432->113433 113434 7ff61fa12f1c _Mpunct 20 API calls 113433->113434 113435 7ff61fb1b580 113434->113435 113436 7ff61fb1d0a4 _mbsnset 58 API calls 113435->113436 113437 7ff61fb1b5b5 113436->113437 113438 7ff61fa12f1c _Mpunct 20 API calls 113437->113438 113439 7ff61fb1b5d7 113438->113439 113440 7ff61fb1d0a4 _mbsnset 58 API calls 113439->113440 113441 7ff61fb1b60c 113440->113441 113442 7ff61fa12f1c _Mpunct 20 API calls 113441->113442 113443 7ff61fb1b62e 113442->113443 113444 7ff61fb1d0a4 _mbsnset 58 API calls 113443->113444 113445 7ff61fb1b663 113444->113445 113446 7ff61fa12f1c _Mpunct 20 API calls 113445->113446 113447 7ff61fb1b685 113446->113447 113491 7ff61fb1b2a4 113447->113491 113449 7ff61fb1b6bd 113450 7ff61fa12f1c _Mpunct 20 API calls 113449->113450 113451 7ff61fb1b6df 113450->113451 113452 7ff61fb1b2a4 _mbsnset 57 API calls 113451->113452 113453 7ff61fb1b717 113452->113453 113454 7ff61fa12f1c _Mpunct 20 API calls 113453->113454 113455 7ff61fb1b739 113454->113455 113456 7ff61fb1b2a4 _mbsnset 57 API calls 113455->113456 113457 7ff61fb1b771 113456->113457 113458 7ff61fa12f1c _Mpunct 20 API calls 113457->113458 113459 7ff61fb1b793 113458->113459 113460 7ff61fb1b2a4 _mbsnset 57 API calls 113459->113460 113461 7ff61fb1b7cb 113460->113461 113462 7ff61fa12f1c _Mpunct 20 API calls 113461->113462 113463 7ff61fb1b7ed 113462->113463 113464 7ff61fb1b2a4 _mbsnset 57 API calls 113463->113464 113465 7ff61fb1b825 113464->113465 113466 7ff61fb819e0 codecvt 8 API calls 113465->113466 113467 7ff61fb1b843 113466->113467 113468 7ff61fb2d004 5 API calls 5 library calls 113467->113468 113468->113349 113469->113351 113473 7ff61fb2effc shared_ptr 113470->113473 113472 7ff61fb2db7b 113472->113402 113473->113472 113477 7ff61fb2dae8 113474->113477 113476 7ff61fb2dc57 113476->113407 113480 7ff61fb2effc shared_ptr 113477->113480 113479 7ff61fb2dafb shared_ptr 113479->113476 113480->113479 113482 7ff61fb1d0dc 113481->113482 113484 7ff61fb1d0fe _mbsnset 113481->113484 113483 7ff61fb1b2a4 _mbsnset 57 API calls 113482->113483 113483->113484 113497 7ff61fb279dc UnDecorator::getCallIndex 113484->113497 113486 7ff61fb1d13f 113499 7ff61fb17220 113486->113499 113488 7ff61fb1d14f 113489 7ff61fb819e0 codecvt 8 API calls 113488->113489 113490 7ff61fb1d16a 113489->113490 113490->113413 113492 7ff61fb1b2cb _mbsnset 113491->113492 113549 7ff61fb1cfc8 113492->113549 113495 7ff61fb1b30e ISource 113495->113449 113498 7ff61fb279ff _mbsnset SafeRWList 113497->113498 113498->113486 113500 7ff61fb17236 113499->113500 113502 7ff61fb17247 113500->113502 113503 7ff61fa18864 113500->113503 113502->113488 113504 7ff61fa18877 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock 113503->113504 113505 7ff61fa18883 type_info::_name_internal_method 113504->113505 113520 7ff61fb5da94 RtlPcToFileHeader RaiseException Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock Concurrency::cancel_current_task 113504->113520 113511 7ff61fa1e3a8 113505->113511 113514 7ff61fb26870 113505->113514 113517 7ff61fa1e3e8 113505->113517 113507 7ff61fa188a2 113507->113500 113521 7ff61fa082a8 113511->113521 113530 7ff61fb2874c 113514->113530 113540 7ff61fa082d8 113517->113540 113524 7ff61fa10c38 113521->113524 113527 7ff61fa17fc0 113524->113527 113528 7ff61fa18864 _mbsnset 57 API calls 113527->113528 113529 7ff61fa082bb 113528->113529 113529->113507 113533 7ff61fb2cc68 113530->113533 113536 7ff61fb24798 113533->113536 113537 7ff61fb247db SafeRWList 113536->113537 113538 7ff61fb1cfc8 _mbsnset 57 API calls 113537->113538 113539 7ff61fb247f7 113538->113539 113539->113507 113543 7ff61fa10c68 113540->113543 113546 7ff61fa18378 113543->113546 113547 7ff61fa1c1e4 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock 55 API calls 113546->113547 113548 7ff61fa082eb 113547->113548 113548->113507 113550 7ff61fb1cff3 _mbsnset 113549->113550 113551 7ff61fb1d06a 113550->113551 113552 7ff61fb1d000 113550->113552 113568 7ff61fad40d4 20 API calls Concurrency::details::WorkQueue::PushStructured 113551->113568 113554 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113552->113554 113557 7ff61fb1d01b 113554->113557 113555 7ff61fb1b2f1 113555->113495 113558 7ff61fb1d178 113555->113558 113556 7ff61fb1d178 _mbsnset 57 API calls 113556->113555 113557->113555 113557->113556 113559 7ff61fb1d1b0 113558->113559 113560 7ff61fb1d1d2 _mbsnset 113558->113560 113561 7ff61fb1cfc8 _mbsnset 57 API calls 113559->113561 113569 7ff61fb27acc UnDecorator::getCallIndex 113560->113569 113561->113560 113563 7ff61fb1d213 113564 7ff61fb17220 _mbsnset 57 API calls 113563->113564 113565 7ff61fb1d223 113564->113565 113566 7ff61fb819e0 codecvt 8 API calls 113565->113566 113567 7ff61fb1d23e 113566->113567 113567->113495 113568->113557 113570 7ff61fb27aef _mbsnset SafeRWList 113569->113570 113570->113563 113574 7ff61fb19233 Concurrency::cancellation_token_source::~cancellation_token_source 113571->113574 113572 7ff61fb1925c 113573 7ff61fb819e0 codecvt 8 API calls 113572->113573 113575 7ff61fb194dc 113573->113575 113574->113572 113579 7ff61fb192b0 type_info::_name_internal_method 113574->113579 113575->113355 113576 7ff61fb19466 113576->113355 113578 7ff61fb1945f 113578->113576 113582 7ff61fa12f1c _Mpunct 20 API calls 113578->113582 113580 7ff61fa12f1c _Mpunct 20 API calls 113579->113580 113589 7ff61fb1938d ~ 113579->113589 113581 7ff61fb19317 113580->113581 113593 7ff61fa62e48 21 API calls 2 library calls 113581->113593 113583 7ff61fb1949b 113582->113583 113597 7ff61fa64eb8 20 API calls SafeRWList 113583->113597 113586 7ff61fb19345 Concurrency::details::WorkQueue::IsStructuredEmpty _Receive_impl 113594 7ff61fb194ec 20 API calls 3 library calls 113586->113594 113588 7ff61fb19386 113588->113589 113590 7ff61fa12f1c _Mpunct 20 API calls 113588->113590 113589->113576 113596 7ff61fb196b0 20 API calls 6 library calls 113589->113596 113591 7ff61fb193bb 113590->113591 113595 7ff61fb2cc80 20 API calls SafeRWList 113591->113595 113593->113586 113594->113588 113595->113589 113596->113578 113597->113576 113599 7ff61fa08703 Concurrency::cancellation_token::_FromImpl 113598->113599 113601 7ff61fa0870f Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::cancellation_token::_FromImpl 113599->113601 113604 7ff61fa25500 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Mtx_guard::~_Mtx_guard 113599->113604 113603 7ff61fa08746 Concurrency::cancellation_token::_FromImpl SafeRWList __StateFromControlPc _Mpunct std::exception::~exception 113601->113603 113605 7ff61fa2558c 19 API calls _Allocate 113601->113605 113603->113361 113604->113601 113605->113603 113644 7ff61fb2effc shared_ptr 113606->113644 113608 7ff61fb1f2ca DNameNode::DNameNode 113645 7ff61fa12e8c 113608->113645 113611 7ff61fa8fed8 _Receive_impl 31 API calls 113612 7ff61fb1f344 shared_ptr 113611->113612 113613 7ff61fb1add4 shared_ptr 113612->113613 113614 7ff61fb1f378 113613->113614 113615 7ff61fa13960 shared_ptr _Ptr_base 113614->113615 113616 7ff61fb1f3ac 113615->113616 113649 7ff61fa13994 _Ptr_base 113616->113649 113618 7ff61fb1f3c0 113650 7ff61fb1faf8 113618->113650 113622 7ff61fb1f3da 113622->113373 113624 7ff61fa8fef4 SafeRWList Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 113623->113624 113936 7ff61fa31f84 113624->113936 113626 7ff61fa8ff53 _Receive_impl 113626->113372 113627->113376 113628->113382 113629->113384 113630->113386 113631->113388 113632->113390 113633->113392 113634->113395 113635->113368 113637 7ff61fa13960 shared_ptr _Ptr_base 113636->113637 113638 7ff61fa1740d type_info::_name_internal_method 113637->113638 113638->113381 113640 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113639->113640 113641 7ff61fb26cae 113640->113641 113642 7ff61fa13960 shared_ptr _Ptr_base 113641->113642 113643 7ff61fb26cd2 113642->113643 113643->113381 113644->113608 113646 7ff61fa12eae Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::cancellation_token::_FromImpl allocator 113645->113646 113675 7ff61fa08860 113646->113675 113648 7ff61fa12f10 113648->113611 113649->113618 113651 7ff61fb1fb2c std::_Fac_node::_Fac_node 113650->113651 113683 7ff61fb279a0 UnDecorator::getCallIndex 113651->113683 113653 7ff61fb1fb58 113654 7ff61fb17220 _mbsnset 57 API calls 113653->113654 113655 7ff61fb1fb68 113654->113655 113656 7ff61fb819e0 codecvt 8 API calls 113655->113656 113657 7ff61fb1f3cb 113656->113657 113658 7ff61fb1f6c0 113657->113658 113659 7ff61fb1faf8 58 API calls 113658->113659 113660 7ff61fb1f6ed Concurrency::details::WorkQueue::IsStructuredEmpty 113659->113660 113661 7ff61fb1f73b _mbsnset 113660->113661 113698 7ff61fb1f948 58 API calls 4 library calls 113660->113698 113685 7ff61fb30940 113661->113685 113665 7ff61fb1f7b0 113667 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113665->113667 113668 7ff61fb1f7ce 113667->113668 113669 7ff61fb1f82f 113668->113669 113670 7ff61fa13960 shared_ptr _Ptr_base 113668->113670 113700 7ff61fb1fb94 58 API calls 3 library calls 113669->113700 113671 7ff61fb1f800 113670->113671 113689 7ff61fb1d24c 113671->113689 113674 7ff61fb1f867 ISource 113674->113622 113676 7ff61fa08887 Concurrency::cancellation_token::_FromImpl 113675->113676 113678 7ff61fa08896 Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::cancellation_token::_FromImpl 113676->113678 113681 7ff61fa25500 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Mtx_guard::~_Mtx_guard 113676->113681 113680 7ff61fa088d0 Concurrency::cancellation_token::_FromImpl SafeRWList __StateFromControlPc std::exception::~exception 113678->113680 113682 7ff61fa2558c 19 API calls _Allocate 113678->113682 113680->113648 113681->113678 113682->113680 113684 7ff61fb279c3 SafeRWList 113683->113684 113684->113653 113687 7ff61fb3095e Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy 113685->113687 113686 7ff61fb1f784 113686->113665 113699 7ff61fb1b0bc 57 API calls 3 library calls 113686->113699 113687->113686 113688 7ff61fb35bb4 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException 113687->113688 113688->113687 113701 7ff61fb2effc shared_ptr 113689->113701 113691 7ff61fb1d269 113702 7ff61fa1393c _Ptr_base 113691->113702 113693 7ff61fb1d359 113694 7ff61fa173f0 _Ptr_base 113693->113694 113695 7ff61fb1d380 113694->113695 113703 7ff61fb1d7ac 113695->113703 113697 7ff61fb1d393 113697->113669 113698->113661 113699->113665 113700->113674 113701->113691 113702->113693 113704 7ff61fb1d7e6 _mbsnset task shared_ptr 113703->113704 113705 7ff61fb1d898 113704->113705 113725 7ff61fb1defe task UnDecorator::getVbTableType shared_ptr pDNameNode::length 113704->113725 113706 7ff61fb1d8bd UnDecorator::getVbTableType 113705->113706 113707 7ff61fb1d94c 113705->113707 113708 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113706->113708 113709 7ff61fb1d95f UnDecorator::getVbTableType 113707->113709 113710 7ff61fb1d9ee 113707->113710 113711 7ff61fb1d8e7 113708->113711 113713 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113709->113713 113715 7ff61fb1da01 UnDecorator::getVbTableType 113710->113715 113720 7ff61fb1da92 113710->113720 113788 7ff61fb24d70 31 API calls 2 library calls 113711->113788 113716 7ff61fb1d989 113713->113716 113714 7ff61fb1d901 pDNameNode::length 113789 7ff61fb2d5d8 22 API calls 4 library calls 113714->113789 113721 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113715->113721 113790 7ff61fb24d70 31 API calls 2 library calls 113716->113790 113718 7ff61fb1d9a3 pDNameNode::length 113791 7ff61fb2d5d8 22 API calls 4 library calls 113718->113791 113728 7ff61fb1dc49 113720->113728 113745 7ff61fb1dab9 SafeRWList UnDecorator::getVbTableType 113720->113745 113767 7ff61fb1d947 type_info::_name_internal_method _SyncOriginator 113720->113767 113722 7ff61fb1da2b 113721->113722 113792 7ff61fb24d70 31 API calls 2 library calls 113722->113792 113724 7ff61fb26d70 UnDecorator::getCallIndex 113736 7ff61fb1dfe1 _MallocaArrayHolder task type_info::_name_internal_method shared_ptr pDNameNode::length 113724->113736 113725->113736 113769 7ff61fb1e724 113725->113769 113726 7ff61fb1da45 pDNameNode::length 113793 7ff61fb2d5d8 22 API calls 4 library calls 113726->113793 113732 7ff61fb1dc5c UnDecorator::getVbTableType 113728->113732 113733 7ff61fb1dcf2 113728->113733 113730 7ff61fb1e079 ISource 113734 7ff61fb819e0 codecvt 8 API calls 113730->113734 113740 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113732->113740 113738 7ff61fb1dd7b 113733->113738 113739 7ff61fb1dd01 UnDecorator::getVbTableType 113733->113739 113735 7ff61fb1e0a4 113734->113735 113735->113697 113736->113724 113736->113730 113805 7ff61fb1e8ac 113736->113805 113744 7ff61fb1de4c UnDecorator::getVbTableType 113738->113744 113748 7ff61fb1dd90 UnDecorator::getVbTableType 113738->113748 113746 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113739->113746 113741 7ff61fb1dc9c 113740->113741 113797 7ff61fb1e0b4 69 API calls 6 library calls 113741->113797 113743 7ff61fb1dcb9 113798 7ff61fb2d2b0 22 API calls 4 library calls 113743->113798 113758 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113744->113758 113744->113767 113794 7ff61fa39750 20 API calls 5 library calls 113745->113794 113747 7ff61fb1dd2b 113746->113747 113799 7ff61fb24d70 31 API calls 2 library calls 113747->113799 113752 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113748->113752 113755 7ff61fb1ddba 113752->113755 113753 7ff61fb1db74 pDNameNode::length 113795 7ff61fb199f8 22 API calls 3 library calls 113753->113795 113754 7ff61fb1dd45 113800 7ff61fb2d5d8 22 API calls 4 library calls 113754->113800 113801 7ff61fb1e0b4 69 API calls 6 library calls 113755->113801 113761 7ff61fb1de8b 113758->113761 113759 7ff61fb1ddd7 pDNameNode::length 113802 7ff61fb2d44c 22 API calls 4 library calls 113759->113802 113803 7ff61fb1e0b4 69 API calls 6 library calls 113761->113803 113762 7ff61fb1dbc3 pDNameNode::length 113796 7ff61fb2d0b8 23 API calls 6 library calls 113762->113796 113764 7ff61fb1dea8 pDNameNode::length 113764->113767 113804 7ff61fb2d44c 22 API calls 4 library calls 113764->113804 113767->113697 113770 7ff61fb1e765 113769->113770 113771 7ff61fb1e7be 113770->113771 113870 7ff61fa6f328 2 API calls 5 library calls 113770->113870 113822 7ff61fb17740 113771->113822 113774 7ff61fb1e78a 113871 7ff61fa6f328 2 API calls 5 library calls 113774->113871 113775 7ff61fb1e7d4 Concurrency::details::WorkQueue::IsStructuredEmpty 113778 7ff61fb1e802 std::_Fac_node::_Fac_node 113775->113778 113873 7ff61fb17608 34 API calls 4 library calls 113775->113873 113777 7ff61fb1e7af 113872 7ff61fa6f328 2 API calls 5 library calls 113777->113872 113781 7ff61fb1e819 SafeRWList 113778->113781 113782 7ff61fb1e836 SafeRWList 113781->113782 113783 7ff61fb1e853 113781->113783 113782->113783 113834 7ff61fb24e44 113783->113834 113785 7ff61fb1e876 113786 7ff61fb819e0 codecvt 8 API calls 113785->113786 113787 7ff61fb1e89c 113786->113787 113787->113725 113788->113714 113789->113767 113790->113718 113791->113767 113792->113726 113793->113767 113794->113753 113795->113762 113796->113767 113797->113743 113798->113767 113799->113754 113800->113767 113801->113759 113802->113767 113803->113764 113804->113767 113911 7ff61fb2d8b4 113805->113911 113807 7ff61fb1e90e 113811 7ff61fb819e0 codecvt 8 API calls 113807->113811 113808 7ff61fb1e8f9 113808->113807 113915 7ff61fb2d9c4 113808->113915 113810 7ff61fb1e941 113919 7ff61fb17550 113810->113919 113813 7ff61fb1ea13 113811->113813 113813->113736 113814 7ff61fb1e950 113814->113807 113815 7ff61fb2d8b4 _Receive_impl 3 API calls 113814->113815 113816 7ff61fb1e99d 113815->113816 113817 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113816->113817 113818 7ff61fb1e9aa Concurrency::details::WorkQueue::IsStructuredEmpty 113817->113818 113923 7ff61fb30ab8 RtlPcToFileHeader RaiseException Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock SafeRWList type_info::_name_internal_method 113818->113923 113820 7ff61fb1e9d4 113924 7ff61fb37594 91 API calls 2 library calls 113820->113924 113823 7ff61fb1776c type_info::_name_internal_method 113822->113823 113824 7ff61fb1778b 113823->113824 113827 7ff61fb177ac 113823->113827 113825 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 113824->113825 113826 7ff61fb1779a 113825->113826 113826->113775 113874 7ff61fb36e74 8 API calls char_traits 113827->113874 113829 7ff61fb177c2 113830 7ff61fb177cf 113829->113830 113831 7ff61fb177f0 113829->113831 113832 7ff61fa12f1c _Mpunct 20 API calls 113830->113832 113875 7ff61fa62e48 21 API calls 2 library calls 113831->113875 113832->113826 113835 7ff61fb24e7f _MallocaArrayHolder _Receive_impl UnDecorator::getVbTableType 113834->113835 113836 7ff61fb24efa 113835->113836 113837 7ff61fb25164 Concurrency::details::ContextBase::GetWorkQueueIdentity 113835->113837 113876 7ff61fb1749c 113836->113876 113890 7ff61fb2cd48 20 API calls SafeRWList 113837->113890 113839 7ff61fb24f0b 113883 7ff61fb2cd48 20 API calls SafeRWList 113839->113883 113842 7ff61fb2519f 113891 7ff61fb2c8c8 21 API calls SafeRWList 113842->113891 113843 7ff61fb24f47 113884 7ff61fb2c8c8 21 API calls SafeRWList 113843->113884 113846 7ff61fb251e4 SafeRWList 113848 7ff61fb25215 Concurrency::details::ContextBase::GetWorkQueueIdentity 113846->113848 113847 7ff61fb24f77 SafeRWList 113885 7ff61fb27b08 4 API calls 3 library calls 113847->113885 113852 7ff61fa13960 shared_ptr _Ptr_base 113848->113852 113850 7ff61fb24fb0 113886 7ff61fb2cf00 _Ptr_base SafeRWList 113850->113886 113853 7ff61fb25229 113852->113853 113892 7ff61fb2cf00 _Ptr_base SafeRWList 113853->113892 113854 7ff61fb24fe5 113887 7ff61fb2c904 21 API calls SafeRWList 113854->113887 113857 7ff61fb2525e 113893 7ff61fb2c904 21 API calls SafeRWList 113857->113893 113859 7ff61fb2502a SafeRWList _MallocaArrayHolder 113888 7ff61fb35b04 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Receive_impl UnDecorator::getVbTableType 113859->113888 113861 7ff61fb25095 113862 7ff61fa13960 shared_ptr _Ptr_base 113861->113862 113863 7ff61fb250a5 113862->113863 113889 7ff61fb2cce4 21 API calls SafeRWList 113863->113889 113865 7ff61fb25337 113866 7ff61fb819e0 codecvt 8 API calls 113865->113866 113868 7ff61fb25347 113866->113868 113868->113785 113869 7ff61fb250fe SafeRWList Concurrency::details::ContextBase::GetWorkQueueIdentity ~ 113869->113865 113894 7ff61fb2d5d8 22 API calls 4 library calls 113869->113894 113870->113774 113871->113777 113872->113771 113873->113778 113874->113829 113875->113826 113877 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113876->113877 113878 7ff61fb174af Concurrency::details::WorkQueue::IsStructuredEmpty 113877->113878 113880 7ff61fb174ee 113878->113880 113895 7ff61fb2e57c 113878->113895 113882 7ff61fb17534 113880->113882 113905 7ff61fa33b80 113880->113905 113882->113839 113883->113843 113884->113847 113885->113850 113886->113854 113887->113859 113888->113861 113889->113869 113890->113842 113891->113846 113892->113857 113893->113869 113894->113865 113896 7ff61fb2e5a3 SafeRWList Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 113895->113896 113897 7ff61fa31f84 _Receive_impl 31 API calls 113896->113897 113898 7ff61fb2e602 113897->113898 113899 7ff61fa454c0 type_info::_name_internal_method 13 API calls 113898->113899 113900 7ff61fb2e657 113899->113900 113901 7ff61fb374e4 _Receive_impl 91 API calls 113900->113901 113902 7ff61fb2e67f 113901->113902 113903 7ff61fb2e6b2 113902->113903 113904 7ff61fa349b0 type_info::_name_internal_method RtlPcToFileHeader RaiseException 113902->113904 113903->113880 113904->113903 113906 7ff61fa33ba8 shared_ptr 113905->113906 113907 7ff61fa3432c shared_ptr 73 API calls 113906->113907 113910 7ff61fa33c31 113906->113910 113908 7ff61fa33bec 113907->113908 113909 7ff61fa349b0 type_info::_name_internal_method RtlPcToFileHeader RaiseException 113908->113909 113909->113910 113910->113882 113912 7ff61fb2d8df _Receive_impl UnDecorator::getVbTableType 113911->113912 113914 7ff61fb2d919 Concurrency::details::ContextBase::GetWorkQueueIdentity 113912->113914 113925 7ff61fb35b04 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Receive_impl UnDecorator::getVbTableType 113912->113925 113914->113808 113917 7ff61fb2d9ef _Receive_impl UnDecorator::getVbTableType 113915->113917 113916 7ff61fb2da29 Concurrency::details::ContextBase::GetWorkQueueIdentity 113916->113810 113917->113916 113926 7ff61fb35b04 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Receive_impl UnDecorator::getVbTableType 113917->113926 113920 7ff61fb17565 113919->113920 113922 7ff61fb17561 113919->113922 113927 7ff61faee824 113920->113927 113922->113814 113923->113820 113924->113807 113925->113914 113926->113916 113928 7ff61faee844 type_info::_name_internal_method 113927->113928 113929 7ff61faee8cd fpos 113928->113929 113930 7ff61faee86b shared_ptr 113928->113930 113932 7ff61faee8b9 113929->113932 113933 7ff61faee28c 113930->113933 113932->113922 113935 7ff61fa4d05c 78 API calls 113933->113935 113934 7ff61faee2d5 113934->113932 113935->113934 113937 7ff61fa31fa6 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 113936->113937 113940 7ff61fa32064 113937->113940 113939 7ff61fa31ff7 113939->113626 113941 7ff61fa3208b Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 113940->113941 113944 7ff61fa33d14 113941->113944 113953 7ff61fa33278 113944->113953 113946 7ff61fa33d31 113958 7ff61fa34c64 113946->113958 113948 7ff61fa33d58 113949 7ff61fa33d7e 113948->113949 113962 7ff61fa349b0 113948->113962 113951 7ff61fa32135 113949->113951 113966 7ff61fb5f31c 7 API calls 2 library calls 113949->113966 113951->113939 113967 7ff61fa33884 113953->113967 113956 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 113957 7ff61fa332fd std::ios_base::_Init 113956->113957 113957->113946 113959 7ff61fa34c80 std::ios_base::getloc 113958->113959 113978 7ff61fa11890 113959->113978 113961 7ff61fa34c99 Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy _Receive_impl 113961->113948 113963 7ff61fa349cc type_info::_name_internal_method 113962->113963 114009 7ff61fa33828 113963->114009 113966->113951 113970 7ff61fa338a8 113967->113970 113971 7ff61fa332f3 113970->113971 113972 7ff61fa33902 113970->113972 113971->113956 113974 7ff61fa33917 std::make_error_code 113972->113974 113976 7ff61fb83410 RtlPcToFileHeader RaiseException 113972->113976 113977 7ff61fb83410 RtlPcToFileHeader RaiseException 113974->113977 113976->113974 113977->113971 113992 7ff61fb5ca14 113978->113992 113980 7ff61fa118a5 113996 7ff61fa17d28 113980->113996 113982 7ff61fa118be std::locale::_Getfacet 113991 7ff61fa118eb type_info::_name_internal_method 113982->113991 114006 7ff61fa20188 29 API calls 3 library calls 113982->114006 113984 7ff61fa11987 113984->113961 113986 7ff61fa11906 113987 7ff61fa1190c 113986->113987 113988 7ff61fa11914 113986->113988 114007 7ff61fa243d4 RtlPcToFileHeader RaiseException std::bad_alloc::bad_alloc Concurrency::cancel_current_task 113987->114007 113990 7ff61fa1192d std::_Facet_Register 113988->113990 113990->113991 114002 7ff61fb5ca8c 113991->114002 113993 7ff61fb5ca28 113992->113993 113994 7ff61fb5ca23 113992->113994 113993->113980 114008 7ff61fb9b54c 6 API calls std::_Lockit::_Lockit 113994->114008 113997 7ff61fa17d7a 113996->113997 113998 7ff61fa17d3c 113996->113998 113997->113982 113999 7ff61fb5ca14 std::_Lockit::_Lockit 6 API calls 113998->113999 114000 7ff61fa17d48 113999->114000 114001 7ff61fb5ca8c std::_Lockit::~_Lockit LeaveCriticalSection 114000->114001 114001->113997 114003 7ff61fb5ca97 LeaveCriticalSection 114002->114003 114004 7ff61fb5caa0 114002->114004 114004->113984 114006->113986 114007->113991 114010 7ff61fa3384e 114009->114010 114011 7ff61fa338a8 std::ios_base::clear 2 API calls 114010->114011 114012 7ff61fa3387d 114011->114012 114012->113949 114013 7ff61fba5cf0 114014 7ff61fba5d20 114013->114014 114017 7ff61fba5b24 114014->114017 114016 7ff61fba5d39 114019 7ff61fba5b7b 114017->114019 114025 7ff61fba5b4d 114017->114025 114018 7ff61fba5b94 114032 7ff61fb882d4 39 API calls 2 library calls 114018->114032 114019->114018 114021 7ff61fba5beb 114019->114021 114022 7ff61fba5c09 114021->114022 114026 7ff61fba5c44 114021->114026 114033 7ff61fbaad58 LeaveCriticalSection 114022->114033 114025->114016 114034 7ff61fbaaf7c 114026->114034 114028 7ff61fba5c6b 114029 7ff61fba5c82 SetFilePointerEx 114028->114029 114031 7ff61fba5c71 shared_ptr 114028->114031 114030 7ff61fba5c9a GetLastError 114029->114030 114029->114031 114030->114031 114031->114022 114032->114025 114035 7ff61fbaaf85 114034->114035 114036 7ff61fbaaf9a 114034->114036 114044 7ff61fb90e60 13 API calls _get_daylight 114035->114044 114043 7ff61fbaaf92 114036->114043 114046 7ff61fb90e60 13 API calls _get_daylight 114036->114046 114038 7ff61fbaaf8a 114045 7ff61fb90e80 13 API calls _get_daylight 114038->114045 114041 7ff61fbaafd5 114047 7ff61fb90e80 13 API calls _get_daylight 114041->114047 114043->114028 114044->114038 114045->114043 114046->114041 114047->114043 114048 7ff61fa36dbc 114051 7ff61fa36dd4 TlsFree 114048->114051 114050 7ff61fa36dcf 114052 7ff61fa36df4 std::exception::~exception 114051->114052 114052->114050 114053 7ff61fa36dfc 114056 7ff61fa37488 114053->114056 114057 7ff61fa374a7 WSACleanup 114056->114057 114058 7ff61fa36e11 114056->114058 114057->114058 114059 7ff61fb5f038 114072 7ff61fb5ef5c GetModuleHandleExW 114059->114072 114061 7ff61fb5f04d _Mtx_unlock unique_lock 114062 7ff61fb5ef5c Concurrency::details::_Schedule_chore GetModuleHandleExW 114061->114062 114070 7ff61fb5f0c0 Concurrency::details::ContextBase::GetWorkQueueIdentity _Mtx_unlock unique_lock 114061->114070 114063 7ff61fb5f07e 114062->114063 114064 7ff61fb5f0ad 114063->114064 114065 7ff61fb5f082 GetModuleHandleExW 114063->114065 114074 7ff61fa1c268 114064->114074 114065->114064 114066 7ff61fb5f09a 114065->114066 114066->114064 114067 7ff61fb5f0a4 FreeLibraryWhenCallbackReturns 114066->114067 114067->114064 114068 7ff61fb5f0bb 114069 7ff61fb5ef5c Concurrency::details::_Schedule_chore GetModuleHandleExW 114068->114069 114069->114070 114073 7ff61fb5ef76 114072->114073 114073->114061 114075 7ff61fa1c280 114074->114075 114078 7ff61fa22fbc 114075->114078 114076 7ff61fa1c2b0 114076->114068 114079 7ff61fa22fd4 114078->114079 114082 7ff61fa270f0 114079->114082 114080 7ff61fa23002 114080->114076 114083 7ff61fa2710a _MallocaArrayHolder std::exception::~exception 114082->114083 114085 7ff61fa27119 _MallocaArrayHolder Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock 114083->114085 114086 7ff61fa228b0 114083->114086 114085->114080 114089 7ff61fa205c8 114086->114089 114090 7ff61fa205ec _MallocaArrayHolder 114089->114090 114095 7ff61fa0b0a4 114090->114095 114092 7ff61fa20656 114099 7ff61fa1faa8 59 API calls 5 library calls 114092->114099 114094 7ff61fa20668 114094->114085 114096 7ff61fa0b0c3 _MallocaArrayHolder Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock 114095->114096 114097 7ff61fa18864 _mbsnset 57 API calls 114096->114097 114098 7ff61fa0b0e1 114097->114098 114098->114092 114099->114094 114100 7ff61fa34f50 114122 7ff61fa2c758 114100->114122 114102 7ff61fa34ff1 114127 7ff61fa359c8 114102->114127 114104 7ff61fa34f83 114104->114102 114160 7ff61fa31a40 22 API calls 4 library calls 114104->114160 114161 7ff61fa2a128 72 API calls 4 library calls 114104->114161 114162 7ff61fa37e40 75 API calls 5 library calls 114104->114162 114163 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114104->114163 114108 7ff61fa35000 114165 7ff61fa355a0 158 API calls 6 library calls 114108->114165 114111 7ff61fa35005 114166 7ff61fa35c48 183 API calls 4 library calls 114111->114166 114114 7ff61fa3500a 114167 7ff61fa3528c 314 API calls 5 library calls 114114->114167 114117 7ff61fa3500f 114168 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114117->114168 114119 7ff61fa35021 114120 7ff61fb819e0 codecvt 8 API calls 114119->114120 114121 7ff61fa35032 114120->114121 114169 7ff61fa2c788 114122->114169 114216 7ff61fa50a14 114127->114216 114129 7ff61fa359fb 114244 7ff61fa38654 114129->114244 114131 7ff61fa35a00 114248 7ff61fa4f1a0 114131->114248 114133 7ff61fa35a0a 114134 7ff61fa12f1c _Mpunct 20 API calls 114133->114134 114142 7ff61fa35a6b 114133->114142 114135 7ff61fa35a30 114134->114135 114136 7ff61fa12f1c _Mpunct 20 API calls 114135->114136 114137 7ff61fa35a45 114136->114137 114314 7ff61fa1533c 114137->114314 114139 7ff61fa35b62 114144 7ff61fa12f1c _Mpunct 20 API calls 114139->114144 114159 7ff61fa35bdf 114139->114159 114140 7ff61fa35b0d 114140->114139 114340 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114140->114340 114142->114140 114146 7ff61fa12f1c _Mpunct 20 API calls 114142->114146 114145 7ff61fa35ba1 114144->114145 114148 7ff61fa12f1c _Mpunct 20 API calls 114145->114148 114149 7ff61fa35aef 114146->114149 114147 7ff61fa35c17 114342 7ff61fa63e08 80 API calls 114147->114342 114153 7ff61fa35bb6 114148->114153 114339 7ff61fa5387c 77 API calls 5 library calls 114149->114339 114152 7ff61fa35c1c 114343 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114152->114343 114155 7ff61fa1533c 52 API calls 114153->114155 114155->114159 114156 7ff61fa35c27 114157 7ff61fb819e0 codecvt 8 API calls 114156->114157 114158 7ff61fa34ffb 114157->114158 114164 7ff61fa35854 172 API calls 6 library calls 114158->114164 114341 7ff61fa63120 78 API calls 6 library calls 114159->114341 114160->114104 114161->114104 114162->114104 114163->114104 114164->114108 114165->114111 114166->114114 114167->114117 114168->114119 114184 7ff61fa2c8d0 114169->114184 114172 7ff61fa2da0c type_info::_name_internal_method 72 API calls 114173 7ff61fa2c772 114172->114173 114174 7ff61fa2da0c 114173->114174 114175 7ff61fa2da48 114174->114175 114176 7ff61fa2da23 114174->114176 114177 7ff61fa2da79 114175->114177 114213 7ff61fb89030 72 API calls 2 library calls 114175->114213 114176->114175 114212 7ff61fb89030 72 API calls 2 library calls 114176->114212 114181 7ff61fa2daaa 114177->114181 114214 7ff61fb89030 72 API calls 2 library calls 114177->114214 114183 7ff61fa2c77e 114181->114183 114215 7ff61fb89030 72 API calls 2 library calls 114181->114215 114183->114104 114185 7ff61fa2c940 114184->114185 114186 7ff61fa2c905 114184->114186 114188 7ff61fa2c9b3 114185->114188 114198 7ff61fa2c930 114185->114198 114205 7ff61fa2c972 114185->114205 114189 7ff61fa2c96d 114186->114189 114190 7ff61fa2c922 114186->114190 114186->114205 114187 7ff61fb819e0 codecvt 8 API calls 114191 7ff61fa2c7bc 114187->114191 114209 7ff61fa2bf5c 74 API calls 6 library calls 114188->114209 114206 7ff61fa2c004 74 API calls 6 library calls 114189->114206 114193 7ff61fa2c929 114190->114193 114194 7ff61fa2c982 114190->114194 114191->114172 114197 7ff61fa2c997 114193->114197 114193->114198 114207 7ff61fa2c0ac 74 API calls 6 library calls 114194->114207 114208 7ff61fa2bdcc 75 API calls 5 library calls 114197->114208 114199 7ff61fa12f1c _Mpunct 20 API calls 114198->114199 114198->114205 114201 7ff61fa2ca4c 114199->114201 114210 7ff61fa2bc8c 33 API calls 5 library calls 114201->114210 114203 7ff61fa2ca64 114211 7ff61fb83410 RtlPcToFileHeader RaiseException 114203->114211 114205->114187 114206->114205 114207->114205 114208->114205 114209->114205 114210->114203 114211->114205 114212->114175 114213->114177 114214->114181 114215->114183 114344 7ff61fa305f4 77 API calls 4 library calls 114216->114344 114218 7ff61fa50a59 114345 7ff61fa2cf4c 72 API calls 5 library calls 114218->114345 114220 7ff61fa50a6f 114346 7ff61fa5cafc 72 API calls type_info::_name_internal_method 114220->114346 114222 7ff61fa50a8b 114347 7ff61fa5fcc0 72 API calls type_info::_name_internal_method 114222->114347 114224 7ff61fa50a9d 114348 7ff61fa39d28 75 API calls 114224->114348 114226 7ff61fb819e0 codecvt 8 API calls 114228 7ff61fa50cdd 114226->114228 114227 7ff61fa50abb 114240 7ff61fa50ca3 ~ 114227->114240 114349 7ff61fa544ac 33 API calls _aligned_msize 114227->114349 114228->114129 114230 7ff61fa50ae7 114350 7ff61fa53a70 21 API calls 6 library calls 114230->114350 114232 7ff61fa50b07 114234 7ff61fa50b6b _Receive_impl type_info::_name_internal_method 114232->114234 114351 7ff61fae4534 25 API calls 3 library calls 114232->114351 114237 7ff61fa50ba9 ~ 114234->114237 114241 7ff61fa50c00 ~ type_info::_name_internal_method 114234->114241 114353 7ff61fa172dc 20 API calls 4 library calls 114234->114353 114236 7ff61fa50b21 _Receive_impl type_info::_name_internal_method 114236->114234 114352 7ff61fae4604 24 API calls 2 library calls 114236->114352 114237->114129 114240->114226 114242 7ff61fa12f1c _Mpunct 20 API calls 114241->114242 114243 7ff61fa50c59 ~ 114241->114243 114242->114243 114354 7ff61fa511ac 138 API calls 11 library calls 114243->114354 114245 7ff61fa3865d type_info::_name_internal_method 114244->114245 114247 7ff61fa38661 114245->114247 114355 7ff61fa38f44 114245->114355 114247->114131 114249 7ff61fa4f1d2 114248->114249 114250 7ff61fa4f1d9 114249->114250 114251 7ff61fa4f205 114249->114251 114809 7ff61fa305f4 77 API calls 4 library calls 114250->114809 114253 7ff61fa2c758 _aligned_msize 75 API calls 114251->114253 114254 7ff61fa4f214 114253->114254 114255 7ff61fa12f1c _Mpunct 20 API calls 114254->114255 114257 7ff61fa4f229 114255->114257 114256 7ff61fb819e0 codecvt 8 API calls 114259 7ff61fa4f807 114256->114259 114797 7ff61fa384dc 114257->114797 114259->114133 114260 7ff61fa4f246 114808 7ff61fa45784 UnDecorator::getCallIndex 114260->114808 114262 7ff61fa4f28a 114263 7ff61fa41ebc _aligned_msize 76 API calls 114262->114263 114264 7ff61fa4f2b7 114263->114264 114810 7ff61fa2cf4c 72 API calls 5 library calls 114264->114810 114266 7ff61fa4f2e4 114811 7ff61fa305f4 77 API calls 4 library calls 114266->114811 114268 7ff61fa4f309 114812 7ff61fa2cf4c 72 API calls 5 library calls 114268->114812 114270 7ff61fa4f325 114271 7ff61fa2c758 _aligned_msize 75 API calls 114270->114271 114272 7ff61fa4f331 SafeRWList 114271->114272 114273 7ff61fa4f382 114272->114273 114274 7ff61fa4f751 114272->114274 114275 7ff61fa2c758 _aligned_msize 75 API calls 114273->114275 114276 7ff61fa4f7a7 114274->114276 114825 7ff61fa617e4 114 API calls 3 library calls 114274->114825 114285 7ff61fa4f398 Concurrency::details::_TaskProcThunk::_TaskProcThunk 114275->114285 114827 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114276->114827 114279 7ff61fa4f78b 114826 7ff61fa2cf4c 72 API calls 5 library calls 114279->114826 114280 7ff61fa4f7b2 SafeRWList 114282 7ff61fa4f7c3 114280->114282 114828 7ff61fa305f4 77 API calls 4 library calls 114282->114828 114284 7ff61fa4f7d7 114829 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114284->114829 114813 7ff61fa541b0 75 API calls 3 library calls 114285->114813 114287 7ff61fa4f1ed 114287->114256 114289 7ff61fa4f442 114814 7ff61fa2cf4c 72 API calls 5 library calls 114289->114814 114291 7ff61fa4f498 Concurrency::details::WorkQueue::IsStructuredEmpty 114815 7ff61fa35dc0 72 API calls 3 library calls 114291->114815 114293 7ff61fa4f4cb 114816 7ff61fa2cf4c 72 API calls 5 library calls 114293->114816 114295 7ff61fa4f521 type_info::_name_internal_method 114296 7ff61fa4f54a 114295->114296 114297 7ff61fa4f5ec type_info::_name_internal_method 114295->114297 114817 7ff61fa4ddec 52 API calls 4 library calls 114296->114817 114301 7ff61fa4f6b3 114297->114301 114302 7ff61fa4f615 type_info::_name_internal_method 114297->114302 114299 7ff61fa4f573 114818 7ff61fa53d34 72 API calls 4 library calls 114299->114818 114822 7ff61fa35dc0 72 API calls 3 library calls 114301->114822 114820 7ff61fa393a0 72 API calls 4 library calls 114302->114820 114303 7ff61fa4f591 114819 7ff61fa2cf4c 72 API calls 5 library calls 114303->114819 114305 7ff61fa4f6dc 114311 7ff61fa4f5e7 114305->114311 114823 7ff61fa2cf4c 72 API calls 5 library calls 114305->114823 114307 7ff61fa4f65b 114821 7ff61fa2cf4c 72 API calls 5 library calls 114307->114821 114824 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114311->114824 114313 7ff61fa4f74c 114313->114133 114879 7ff61fa14df8 114314->114879 114316 7ff61fa15376 114884 7ff61fa17b28 114316->114884 114319 7ff61fa17b28 3 API calls 114320 7ff61fa154b7 114319->114320 114321 7ff61fa17b28 3 API calls 114320->114321 114322 7ff61fa154e5 114321->114322 114323 7ff61fa17b28 3 API calls 114322->114323 114324 7ff61fa15513 114323->114324 114325 7ff61fa17b28 3 API calls 114324->114325 114326 7ff61fa15541 114325->114326 114327 7ff61fa17b28 3 API calls 114326->114327 114328 7ff61fa1556f 114327->114328 114329 7ff61fa17b28 3 API calls 114328->114329 114330 7ff61fa1559d _MallocaArrayHolder 114329->114330 114888 7ff61fa11c28 114330->114888 114334 7ff61fa1560e 114895 7ff61fa285b8 114334->114895 114336 7ff61fa15624 ~ 114337 7ff61fb819e0 codecvt 8 API calls 114336->114337 114338 7ff61fa15659 114337->114338 114338->114142 114339->114140 114340->114139 114341->114147 114342->114152 114343->114156 114344->114218 114345->114220 114346->114222 114347->114224 114348->114227 114349->114230 114350->114232 114351->114236 114352->114234 114353->114241 114354->114240 114393 7ff61fa38a7c 114355->114393 114357 7ff61fa38f6d 114358 7ff61fa38fac 114357->114358 114359 7ff61fa38f91 114357->114359 114415 7ff61fa4ade8 RtlPcToFileHeader RaiseException type_info::_name_internal_method shared_ptr 114358->114415 114414 7ff61fa46d78 80 API calls type_info::_name_internal_method 114359->114414 114362 7ff61fb819e0 codecvt 8 API calls 114363 7ff61fa3926a 114362->114363 114363->114247 114364 7ff61fa38fdd SafeRWList 114416 7ff61fa45cac 21 API calls std::current_exception 114364->114416 114366 7ff61fa3902d fpos 114417 7ff61fa4ce90 RtlPcToFileHeader RaiseException type_info::_name_internal_method shared_ptr 114366->114417 114368 7ff61fa39074 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock 114418 7ff61fa4ade8 RtlPcToFileHeader RaiseException type_info::_name_internal_method shared_ptr 114368->114418 114370 7ff61fa390a2 114371 7ff61fa2c758 _aligned_msize 75 API calls 114370->114371 114372 7ff61fa390b1 SafeRWList type_info::_name_internal_method 114371->114372 114419 7ff61fa39750 20 API calls 5 library calls 114372->114419 114374 7ff61fa39131 114420 7ff61fa481e0 81 API calls type_info::_name_internal_method 114374->114420 114376 7ff61fa3913f 114421 7ff61fa45784 UnDecorator::getCallIndex 114376->114421 114378 7ff61fa3916f 114422 7ff61fa41ebc 114378->114422 114382 7ff61fa391c9 114434 7ff61fa305f4 77 API calls 4 library calls 114382->114434 114384 7ff61fa391f1 114435 7ff61fa2cf4c 72 API calls 5 library calls 114384->114435 114386 7ff61fa3920d 114436 7ff61fa39ce4 75 API calls 2 library calls 114386->114436 114388 7ff61fa3921b 114437 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114388->114437 114390 7ff61fa3923a 114438 7ff61fa46d78 80 API calls type_info::_name_internal_method 114390->114438 114392 7ff61fa38fa3 114392->114362 114439 7ff61fa455ec 114393->114439 114396 7ff61fa12f1c _Mpunct 20 API calls 114397 7ff61fa38ac6 114396->114397 114445 7ff61fa50cec 114397->114445 114399 7ff61fa38adc _Receive_impl 114448 7ff61fa3178c 114399->114448 114403 7ff61fa38b3f 114409 7ff61fa38ba2 114403->114409 114461 7ff61fa29060 114403->114461 114407 7ff61fa38bc8 114495 7ff61fa46d78 80 API calls type_info::_name_internal_method 114407->114495 114494 7ff61fa45500 97 API calls 4 library calls 114409->114494 114411 7ff61fa38beb 114412 7ff61fb819e0 codecvt 8 API calls 114411->114412 114413 7ff61fa38c03 114412->114413 114413->114357 114414->114392 114415->114364 114416->114366 114417->114368 114418->114370 114419->114374 114420->114376 114421->114378 114423 7ff61fa2c758 _aligned_msize 75 API calls 114422->114423 114424 7ff61fa41efd 114423->114424 114793 7ff61fa13780 UnDecorator::getCallIndex 114424->114793 114426 7ff61fa41f1d SafeRWList UnDecorator::getVbTableType 114795 7ff61fa2c6c0 72 API calls 3 library calls 114426->114795 114428 7ff61fa41fe7 114796 7ff61fa2cc74 72 API calls type_info::_name_internal_method 114428->114796 114430 7ff61fa41ffc 114431 7ff61fb819e0 codecvt 8 API calls 114430->114431 114432 7ff61fa3919c 114431->114432 114433 7ff61fa2cf4c 72 API calls 5 library calls 114432->114433 114433->114382 114434->114384 114435->114386 114436->114388 114437->114390 114438->114392 114440 7ff61fa45608 SafeRWList Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 114439->114440 114441 7ff61fa32064 _Receive_impl 31 API calls 114440->114441 114442 7ff61fa4565a 114441->114442 114496 7ff61fa454c0 114442->114496 114505 7ff61fa544e8 114445->114505 114449 7ff61fa317c4 Concurrency::details::WorkQueue::IsStructuredEmpty 114448->114449 114450 7ff61fa317d5 MultiByteToWideChar 114449->114450 114517 7ff61fa1369c 114450->114517 114452 7ff61fa3181b Concurrency::details::WorkQueue::IsStructuredEmpty 114453 7ff61fa31856 MultiByteToWideChar 114452->114453 114454 7ff61fa31896 type_info::_name_internal_method 114453->114454 114455 7ff61fb819e0 codecvt 8 API calls 114454->114455 114456 7ff61fa318c3 114455->114456 114457 7ff61fa49e68 114456->114457 114458 7ff61fa49e8a Concurrency::details::WorkQueue::IsStructuredEmpty 114457->114458 114529 7ff61fa49ea8 114458->114529 114462 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 114461->114462 114463 7ff61fa290ab 114462->114463 114588 7ff61fa29e48 114463->114588 114469 7ff61fa2911e 114604 7ff61fa07504 114469->114604 114471 7ff61fa2914e 114472 7ff61fb819e0 codecvt 8 API calls 114471->114472 114473 7ff61fa2919a 114472->114473 114474 7ff61fae25c8 114473->114474 114475 7ff61fae25ea 114474->114475 114477 7ff61fae2605 _Receive_impl 114474->114477 114476 7ff61fae25f5 114475->114476 114478 7ff61fae26a2 _Receive_impl 114475->114478 114479 7ff61fae2600 _Receive_impl 114476->114479 114480 7ff61fae2751 _Receive_impl 114476->114480 114481 7ff61fae2d44 type_info::_name_internal_method 2 API calls 114477->114481 114685 7ff61fae2d44 114478->114685 114487 7ff61fae2d44 type_info::_name_internal_method 2 API calls 114479->114487 114485 7ff61fae2d44 type_info::_name_internal_method 2 API calls 114480->114485 114483 7ff61fae268f 114481->114483 114486 7ff61fae2e84 _Receive_impl 131 API calls 114483->114486 114489 7ff61fae27f9 114485->114489 114490 7ff61fae269d 114486->114490 114491 7ff61fae28b4 114487->114491 114492 7ff61fae2e84 _Receive_impl 131 API calls 114489->114492 114490->114409 114493 7ff61fae2e84 _Receive_impl 131 API calls 114491->114493 114492->114490 114493->114490 114494->114407 114495->114411 114497 7ff61fa454d3 114496->114497 114500 7ff61fa47ad4 114497->114500 114499 7ff61fa38ab1 114499->114396 114501 7ff61fa47af1 _Receive_impl 114500->114501 114502 7ff61fa47b78 _Receive_impl 114501->114502 114504 7ff61fb89f4c 13 API calls _get_daylight 114501->114504 114502->114499 114504->114502 114506 7ff61fa54510 Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::cancellation_token::_FromImpl 114505->114506 114508 7ff61fa54545 Concurrency::details::WorkQueue::IsStructuredEmpty 114506->114508 114515 7ff61fa25500 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Mtx_guard::~_Mtx_guard 114506->114515 114511 7ff61fa133ac 114508->114511 114510 7ff61fa50d18 114510->114399 114512 7ff61fa133dd Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::cancellation_token::_FromImpl allocator std::current_exception 114511->114512 114514 7ff61fa134bd Concurrency::cancellation_token::_FromImpl SafeRWList __StateFromControlPc _Mpunct std::exception::~exception 114512->114514 114516 7ff61fa2558c 19 API calls _Allocate 114512->114516 114514->114510 114515->114508 114516->114514 114518 7ff61fa136c8 shared_ptr 114517->114518 114521 7ff61fa08b48 114518->114521 114520 7ff61fa136dd 114520->114452 114522 7ff61fa08b6f std::current_exception 114521->114522 114524 7ff61fa08b7b Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::cancellation_token::_FromImpl std::current_exception 114522->114524 114527 7ff61fa25500 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Mtx_guard::~_Mtx_guard 114522->114527 114525 7ff61fa08bb2 SafeRWList __StateFromControlPc std::exception::~exception char_traits 114524->114525 114528 7ff61fa256a4 19 API calls _Allocate 114524->114528 114525->114520 114527->114524 114528->114525 114537 7ff61fa49db8 114529->114537 114531 7ff61fa49eec 114532 7ff61fa49f1e 114531->114532 114533 7ff61fa49ef1 114531->114533 114535 7ff61fa349b0 type_info::_name_internal_method 2 API calls 114532->114535 114534 7ff61fa33828 type_info::_name_internal_method 2 API calls 114533->114534 114536 7ff61fa49ea1 114534->114536 114535->114536 114536->114403 114538 7ff61fa49de3 114537->114538 114544 7ff61fa49ddf Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy _Receive_impl 114537->114544 114545 7ff61fb5f724 114538->114545 114541 7ff61fa47ad4 _Receive_impl 13 API calls 114542 7ff61fa49e1c _Receive_impl 114541->114542 114553 7ff61fa4537c 30 API calls 7 library calls 114542->114553 114544->114531 114547 7ff61fb5f782 114545->114547 114546 7ff61fb5f7bb 114551 7ff61fb5f7c0 _Receive_impl 114546->114551 114554 7ff61fb9c20c 114546->114554 114547->114546 114549 7ff61fa49df6 114547->114549 114550 7ff61fb9c20c type_info::_name_internal_method 99 API calls 114547->114550 114549->114541 114549->114544 114550->114546 114551->114549 114571 7ff61fb8a0d0 74 API calls type_info::_name_internal_method 114551->114571 114553->114544 114555 7ff61fb9c138 114554->114555 114556 7ff61fb9c15e 114555->114556 114558 7ff61fb9c191 114555->114558 114584 7ff61fb90e80 13 API calls _get_daylight 114556->114584 114559 7ff61fb9c1a4 114558->114559 114560 7ff61fb9c197 114558->114560 114572 7ff61fba36dc 114559->114572 114585 7ff61fb90e80 13 API calls _get_daylight 114560->114585 114564 7ff61fb9c1c5 114579 7ff61fbac604 114564->114579 114565 7ff61fb9c1b8 114586 7ff61fb90e80 13 API calls _get_daylight 114565->114586 114568 7ff61fb9c1d8 type_info::_name_internal_method 114587 7ff61fb89fa0 LeaveCriticalSection 114568->114587 114570 7ff61fb9c163 114570->114551 114571->114549 114573 7ff61fb9b4dc _Strxfrm EnterCriticalSection 114572->114573 114574 7ff61fba36f3 114573->114574 114575 7ff61fba3750 type_info::_name_internal_method 15 API calls 114574->114575 114576 7ff61fba36fe 114575->114576 114577 7ff61fb9b530 _Strxfrm LeaveCriticalSection 114576->114577 114578 7ff61fb9c1ae 114577->114578 114578->114564 114578->114565 114580 7ff61fbac264 type_info::_name_internal_method 13 API calls 114579->114580 114581 7ff61fbac62a 114580->114581 114582 7ff61fbac65e 114581->114582 114583 7ff61fbb3a24 type_info::_name_internal_method 97 API calls 114581->114583 114582->114568 114583->114582 114584->114570 114585->114570 114586->114570 114607 7ff61fa297f8 114588->114607 114594 7ff61fa29ef0 114595 7ff61fb819e0 codecvt 8 API calls 114594->114595 114596 7ff61fa290c9 114595->114596 114597 7ff61fa291a8 114596->114597 114598 7ff61fa291d0 114597->114598 114599 7ff61fa12f1c _Mpunct 20 API calls 114598->114599 114600 7ff61fa290f6 114599->114600 114601 7ff61fa0754c 114600->114601 114668 7ff61fa25714 114601->114668 114603 7ff61fa07576 SafeRWList std::current_exception 114603->114469 114677 7ff61fa12f74 114604->114677 114606 7ff61fa07537 114606->114471 114608 7ff61fa29820 114607->114608 114609 7ff61fa12f1c _Mpunct 20 API calls 114608->114609 114610 7ff61fa29d98 114609->114610 114611 7ff61fa12da4 114610->114611 114612 7ff61fa12dd4 _aligned_msize shared_ptr 114611->114612 114621 7ff61fa0caa4 114612->114621 114614 7ff61fa12e01 114615 7ff61fa2c404 114614->114615 114616 7ff61fa2c446 shared_ptr UnDecorator::getVbTableType 114615->114616 114642 7ff61fa2c324 114616->114642 114618 7ff61fa2c4fa std::current_exception 114619 7ff61fb819e0 codecvt 8 API calls 114618->114619 114620 7ff61fa2c53f 114619->114620 114620->114594 114622 7ff61fa0caf3 114621->114622 114625 7ff61fa1d6e4 114622->114625 114624 7ff61fa0cafe _aligned_msize 114624->114614 114626 7ff61fa1d707 SafeRWList 114625->114626 114634 7ff61fa1b2bc 114626->114634 114628 7ff61fa1d757 114637 7ff61fa1f820 114628->114637 114629 7ff61fa1d726 114629->114628 114641 7ff61fa1f9bc 15 API calls _aligned_msize 114629->114641 114632 7ff61fa1d774 _aligned_msize 114633 7ff61fa1d7bb Concurrency::cancellation_token_source::~cancellation_token_source 114632->114633 114633->114624 114635 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire Concurrency::cancel_current_task RtlPcToFileHeader RaiseException 114634->114635 114636 7ff61fa1b2d3 _aligned_msize 114635->114636 114636->114629 114638 7ff61fa1f839 114637->114638 114639 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire Concurrency::cancel_current_task RtlPcToFileHeader RaiseException 114638->114639 114640 7ff61fa1f875 _aligned_msize 114639->114640 114640->114632 114641->114628 114643 7ff61fa2c351 SafeRWList ctype 114642->114643 114646 7ff61fa2b598 114643->114646 114645 7ff61fa2c3d2 type_info::_name_internal_method 114645->114618 114651 7ff61fa2c82c 114646->114651 114649 7ff61fa2b76e operator&= Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy 114649->114645 114650 7ff61fa2b5c0 operator&= Concurrency::details::WorkQueue::IsStructuredEmpty SafeRWList _aligned_msize type_info::_name_internal_method 114650->114649 114659 7ff61fa0c760 114650->114659 114652 7ff61fa2c85b shared_ptr 114651->114652 114653 7ff61fa139b4 _aligned_msize _Ptr_base 114652->114653 114654 7ff61fa2c86d 114653->114654 114655 7ff61fa139b4 _aligned_msize _Ptr_base 114654->114655 114656 7ff61fa2c87e 114655->114656 114657 7ff61fa139b4 _aligned_msize _Ptr_base 114656->114657 114658 7ff61fa2c88f 114657->114658 114658->114650 114660 7ff61fa0c788 operator&= _aligned_msize type_info::_name_internal_method 114659->114660 114661 7ff61fa0b728 _aligned_msize 33 API calls 114660->114661 114663 7ff61fa0c78f _aligned_msize 114660->114663 114665 7ff61fa0c884 operator&= type_info::_name_internal_method 114661->114665 114662 7ff61fa238f0 _aligned_msize 21 API calls 114662->114665 114663->114650 114664 7ff61fa0c950 114664->114663 114667 7ff61fa0bc2c _aligned_msize 33 API calls 114664->114667 114665->114662 114665->114663 114665->114664 114666 7ff61fa0bc2c _aligned_msize 33 API calls 114665->114666 114666->114665 114667->114663 114669 7ff61fa2572c SafeRWList char_traits 114668->114669 114672 7ff61fa2574c 114669->114672 114671 7ff61fa25746 114671->114603 114673 7ff61fa2580b 114672->114673 114675 7ff61fa2578a Concurrency::cancellation_token::_FromImpl _Mpunct 114672->114675 114676 7ff61fa0c048 20 API calls 7 library calls 114673->114676 114675->114671 114676->114675 114679 7ff61fa12fab Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::cancellation_token::_FromImpl std::exception::~exception type_info::_name_internal_method 114677->114679 114678 7ff61fa130a5 6 library calls 114678->114606 114679->114678 114681 7ff61fa1326c Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::cancellation_token::_FromImpl std::current_exception 114679->114681 114683 7ff61fa25500 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Mtx_guard::~_Mtx_guard 114679->114683 114684 7ff61fa2558c 19 API calls _Allocate 114681->114684 114683->114681 114684->114678 114686 7ff61fae2d5f 114685->114686 114687 7ff61fae273e 114685->114687 114692 7ff61fae2ec0 RtlPcToFileHeader RaiseException Concurrency::details::WorkQueue::IsStructuredEmpty _Receive_impl 114686->114692 114689 7ff61fae2e84 114687->114689 114693 7ff61fb22ef4 114689->114693 114691 7ff61fae2ea6 114691->114490 114692->114687 114694 7ff61fb22f1e _MallocaArrayHolder _Receive_impl 114693->114694 114695 7ff61fb23125 114694->114695 114703 7ff61fb22f3d _Receive_impl type_info::_name_internal_method shared_ptr 114694->114703 114696 7ff61fb23135 114695->114696 114701 7ff61fb23144 type_info::_name_internal_method 114695->114701 114708 7ff61fb231dc 114696->114708 114698 7ff61fb819e0 codecvt 8 API calls 114700 7ff61fb231cc 114698->114700 114699 7ff61fb23116 114699->114698 114700->114691 114701->114699 114702 7ff61fa12f1c _Mpunct 20 API calls 114701->114702 114702->114699 114703->114699 114705 7ff61fa12f1c _Mpunct 20 API calls 114703->114705 114707 7ff61fb231dc _Receive_impl 131 API calls 114703->114707 114753 7ff61fa6ee58 RtlPcToFileHeader RaiseException Concurrency::details::WorkQueue::IsStructuredEmpty _Receive_impl 114703->114753 114754 7ff61fb35c08 std::bad_exception::bad_exception RtlPcToFileHeader RaiseException _Receive_impl 114703->114754 114705->114703 114707->114703 114709 7ff61fb2320e 114708->114709 114714 7ff61fb23338 _Receive_impl type_info::_name_internal_method 114708->114714 114710 7ff61fb23348 _Receive_impl 114709->114710 114711 7ff61fb23221 114709->114711 114717 7ff61fb22470 _Receive_impl 126 API calls 114710->114717 114712 7ff61fa12f1c _Mpunct 20 API calls 114711->114712 114713 7ff61fb2325c 114712->114713 114716 7ff61fa12f1c _Mpunct 20 API calls 114713->114716 114718 7ff61fa12f1c _Mpunct 20 API calls 114714->114718 114722 7ff61fb233ce _MallocaArrayHolder _Receive_impl 114714->114722 114715 7ff61fb819e0 codecvt 8 API calls 114719 7ff61fb237a6 114715->114719 114720 7ff61fb2328c 114716->114720 114717->114714 114718->114722 114719->114699 114755 7ff61fb2eed0 114720->114755 114752 7ff61fb2372d _Receive_impl 114722->114752 114769 7ff61fb2806c RtlPcToFileHeader RaiseException _Receive_impl 114722->114769 114723 7ff61fb232da _Receive_impl 114760 7ff61fb22470 114723->114760 114726 7ff61fb23545 114770 7ff61fb280f4 RtlPcToFileHeader RaiseException _Receive_impl 114726->114770 114728 7ff61fb23579 114771 7ff61fb2806c RtlPcToFileHeader RaiseException _Receive_impl 114728->114771 114730 7ff61fb235a5 114772 7ff61fb280b0 30 API calls _Receive_impl 114730->114772 114732 7ff61fb235d9 114773 7ff61fb2806c RtlPcToFileHeader RaiseException _Receive_impl 114732->114773 114734 7ff61fb23605 114735 7ff61fae2e84 _Receive_impl 131 API calls 114734->114735 114736 7ff61fb23613 114735->114736 114737 7ff61fa8fed8 _Receive_impl 31 API calls 114736->114737 114738 7ff61fb23625 114737->114738 114774 7ff61fa6f328 2 API calls 5 library calls 114738->114774 114740 7ff61fb23644 114775 7ff61fa6f328 2 API calls 5 library calls 114740->114775 114742 7ff61fb23685 114776 7ff61fa6f328 2 API calls 5 library calls 114742->114776 114744 7ff61fb236a1 114777 7ff61fb30400 30 API calls 5 library calls 114744->114777 114746 7ff61fb236d9 114778 7ff61fa6f328 2 API calls 5 library calls 114746->114778 114748 7ff61fb236f5 114779 7ff61fa6f328 2 API calls 5 library calls 114748->114779 114750 7ff61fb23711 114780 7ff61fa6f328 2 API calls 5 library calls 114750->114780 114752->114715 114753->114703 114754->114703 114756 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 114755->114756 114757 7ff61fb2ef0f 114756->114757 114758 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 114757->114758 114759 7ff61fb2ef39 type_info::_name_internal_method 114758->114759 114759->114723 114765 7ff61fb2249d std::future_error::what _mbsnset _MallocaArrayHolder _Receive_impl 114760->114765 114761 7ff61fb224c5 ISource 114762 7ff61fb819e0 codecvt 8 API calls 114761->114762 114763 7ff61fb226c3 114762->114763 114763->114714 114764 7ff61fb2257b 8 library calls 114764->114761 114767 7ff61fb26c84 _Receive_impl 21 API calls 114764->114767 114781 7ff61fb214ac 114764->114781 114765->114761 114765->114764 114789 7ff61fb37eec 114765->114789 114767->114764 114769->114726 114770->114728 114771->114730 114772->114732 114773->114734 114774->114740 114775->114742 114776->114744 114777->114746 114778->114748 114779->114750 114780->114752 114782 7ff61fb214f1 _Receive_impl pDNameNode::length 114781->114782 114788 7ff61fb218f0 56 API calls 114782->114788 114783 7ff61fb21567 114784 7ff61fb215b0 103 API calls 114783->114784 114785 7ff61fb21588 114784->114785 114786 7ff61fb819e0 codecvt 8 API calls 114785->114786 114787 7ff61fb215a0 114786->114787 114787->114764 114788->114783 114790 7ff61fb37f0e _mbsnset 114789->114790 114791 7ff61fb1e8ac _Receive_impl 101 API calls 114790->114791 114792 7ff61fb37f2f ISource 114791->114792 114792->114764 114794 7ff61fa137a8 __CxxFrameHandler2 114793->114794 114794->114426 114795->114428 114796->114430 114798 7ff61fa38506 type_info::_name_internal_method 114797->114798 114799 7ff61fa3850b 114798->114799 114800 7ff61fa38535 114798->114800 114857 7ff61fa38c14 167 API calls 8 library calls 114799->114857 114802 7ff61fa50cec type_info::_name_internal_method 20 API calls 114800->114802 114803 7ff61fa38559 114802->114803 114830 7ff61fae40a4 114803->114830 114805 7ff61fa38520 114806 7ff61fb819e0 codecvt 8 API calls 114805->114806 114807 7ff61fa385a9 114806->114807 114807->114260 114808->114262 114809->114287 114810->114266 114811->114268 114812->114270 114813->114289 114814->114291 114815->114293 114816->114295 114817->114299 114818->114303 114819->114311 114820->114307 114821->114311 114822->114305 114823->114311 114824->114313 114825->114279 114826->114276 114827->114280 114828->114284 114829->114287 114831 7ff61fae40e1 type_info::_name_internal_method 114830->114831 114832 7ff61fa3178c type_info::_name_internal_method 22 API calls 114831->114832 114833 7ff61fae40f7 114832->114833 114858 7ff61faeca50 114833->114858 114835 7ff61fae412c Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy 114836 7ff61fae414e type_info::_name_internal_method 114835->114836 114837 7ff61fae41a1 shared_ptr 114835->114837 114862 7ff61fa46d78 80 API calls type_info::_name_internal_method 114836->114862 114838 7ff61faee824 _Receive_impl 79 API calls 114837->114838 114844 7ff61fae41c4 114838->114844 114840 7ff61fae4186 SafeRWList 114841 7ff61fae43de 114840->114841 114842 7ff61fb819e0 codecvt 8 API calls 114841->114842 114843 7ff61fae43ee 114842->114843 114843->114805 114863 7ff61fad1c34 20 API calls __CxxFrameHandler2 114844->114863 114846 7ff61fae42af Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock 114864 7ff61fa4ade8 RtlPcToFileHeader RaiseException type_info::_name_internal_method shared_ptr 114846->114864 114848 7ff61fae42d1 SafeRWList type_info::_name_internal_method 114865 7ff61fa39750 20 API calls 5 library calls 114848->114865 114850 7ff61fae435c 114866 7ff61fa481e0 81 API calls type_info::_name_internal_method 114850->114866 114852 7ff61fae436a 114867 7ff61fa172dc 20 API calls 4 library calls 114852->114867 114854 7ff61fae437f type_info::_name_internal_method 114868 7ff61fa46d78 80 API calls type_info::_name_internal_method 114854->114868 114856 7ff61fae43c8 SafeRWList 114856->114841 114857->114805 114859 7ff61faeca72 Concurrency::details::WorkQueue::IsStructuredEmpty 114858->114859 114869 7ff61faecae0 114859->114869 114862->114840 114863->114846 114864->114848 114865->114850 114866->114852 114867->114854 114868->114856 114870 7ff61faecb07 SafeRWList Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 114869->114870 114871 7ff61fa32064 _Receive_impl 31 API calls 114870->114871 114872 7ff61faecb59 114871->114872 114873 7ff61fa454c0 type_info::_name_internal_method 13 API calls 114872->114873 114874 7ff61faecbae 114873->114874 114875 7ff61fa49db8 type_info::_name_internal_method 116 API calls 114874->114875 114876 7ff61faecbdb 114875->114876 114877 7ff61faeca91 114876->114877 114878 7ff61fa349b0 type_info::_name_internal_method 2 API calls 114876->114878 114877->114835 114878->114877 114902 7ff61fa15870 strrchr 114879->114902 114883 7ff61fa14e1e 114883->114316 114885 7ff61fa17b40 SafeRWList 114884->114885 114923 7ff61fa0d9b4 114885->114923 114887 7ff61fa15489 114887->114319 114889 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 114888->114889 114890 7ff61fa11c59 114889->114890 114891 7ff61fa12e8c Concurrency::cancellation_token::_FromImpl 20 API calls 114890->114891 114892 7ff61fa11c77 114891->114892 114893 7ff61fa06c98 UnDecorator::getCallIndex 114892->114893 114894 7ff61fa06cbb SafeRWList 114893->114894 114894->114334 114928 7ff61fa286b4 114895->114928 114899 7ff61fa28602 Concurrency::details::WorkQueue::IsStructuredEmpty unique_lock shared_ptr delete 114900 7ff61fb819e0 codecvt 8 API calls 114899->114900 114901 7ff61fa286ab 114900->114901 114901->114336 114903 7ff61fa15897 strrchr 114902->114903 114905 7ff61fa14e0d 114903->114905 114906 7ff61fa158d1 114903->114906 114909 7ff61fa11130 114905->114909 114918 7ff61fa04ec8 12 API calls 2 library calls 114906->114918 114908 7ff61fa158d6 strrchr strrchr 114908->114905 114910 7ff61fb813a8 Concurrency::details::FreeThreadProxyFactory::Retire 3 API calls 114909->114910 114911 7ff61fa1114b 114910->114911 114912 7ff61fa11162 114911->114912 114922 7ff61fa05e94 _Yarn InitializeSRWLock InitializeSRWLock std::_Ref_count_base::_Ref_count_base 114911->114922 114919 7ff61fa13994 _Ptr_base 114912->114919 114915 7ff61fa11190 SafeRWList _Ptr_base 114920 7ff61fa13900 _Ptr_base 114915->114920 114917 7ff61fa111c2 114917->114883 114918->114908 114919->114915 114921 7ff61fa13922 _Move_construct_from SafeRWList 114920->114921 114921->114917 114922->114912 114924 7ff61fa0d9e4 114923->114924 114925 7ff61fa0da08 Concurrency::details::WorkQueue::IsStructuredEmpty SafeRWList type_info::_name_internal_method shared_ptr 114924->114925 114927 7ff61fa1ceec std::bad_exception::bad_exception RtlPcToFileHeader RaiseException Concurrency::details::WorkQueue::IsStructuredEmpty type_info::_name_internal_method 114924->114927 114925->114887 114927->114925 114929 7ff61fa286bd 114928->114929 114931 7ff61fa285e8 114929->114931 114935 7ff61fa27eec 114929->114935 114932 7ff61fa11b10 114931->114932 114933 7ff61fa13780 __CxxFrameHandler2 UnDecorator::getCallIndex 114932->114933 114934 7ff61fa11b3c 114933->114934 114934->114899 114936 7ff61fa27f1d _Receive_impl 114935->114936 114938 7ff61fa27f24 __ExceptionPtrDestroy 114935->114938 114937 7ff61fb819e0 codecvt 8 API calls 114936->114937 114939 7ff61fa28024 114937->114939 114938->114936 114944 7ff61fa119d0 15 API calls 2 library calls 114938->114944 114939->114929 114941 7ff61fa27f73 114941->114936 114942 7ff61fa27f7e PeekMessageW 114941->114942 114942->114936 114943 7ff61fa27f9d TranslateMessage DispatchMessageW 114942->114943 114943->114942 114944->114941

    Executed Functions

    Function 00007FF61FBB3634 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 284 7ff61fbb3634-7ff61fbb36a7 call 7ff61fbb3218 287 7ff61fbb36c1-7ff61fbb36cb call 7ff61fbaad80 284->287 288 7ff61fbb36a9-7ff61fbb36b2 call 7ff61fb90e60 284->288 294 7ff61fbb36e6-7ff61fbb374f CreateFileW 287->294 295 7ff61fbb36cd-7ff61fbb36e4 call 7ff61fb90e60 call 7ff61fb90e80 287->295 293 7ff61fbb36b5-7ff61fbb36bc call 7ff61fb90e80 288->293 307 7ff61fbb3a02-7ff61fbb3a22 293->307 298 7ff61fbb3751-7ff61fbb3757 294->298 299 7ff61fbb37cc-7ff61fbb37d7 GetFileType 294->299 295->293 304 7ff61fbb3799-7ff61fbb37c7 GetLastError call 7ff61fb90df4 298->304 305 7ff61fbb3759-7ff61fbb375d 298->305 300 7ff61fbb37d9-7ff61fbb3814 GetLastError call 7ff61fb90df4 CloseHandle 299->300 301 7ff61fbb382a-7ff61fbb3831 299->301 300->293 318 7ff61fbb381a-7ff61fbb3825 call 7ff61fb90e80 300->318 310 7ff61fbb3833-7ff61fbb3837 301->310 311 7ff61fbb3839-7ff61fbb383c 301->311 304->293 305->304 312 7ff61fbb375f-7ff61fbb3797 CreateFileW 305->312 315 7ff61fbb3842-7ff61fbb3897 call 7ff61fbaac98 310->315 311->315 317 7ff61fbb383e 311->317 312->299 312->304 322 7ff61fbb3899-7ff61fbb38a5 call 7ff61fbb3420 315->322 323 7ff61fbb38b6-7ff61fbb38e7 call 7ff61fbb2f98 315->323 317->315 318->293 322->323 329 7ff61fbb38a7 322->329 330 7ff61fbb38e9-7ff61fbb38eb 323->330 331 7ff61fbb38ed-7ff61fbb392f 323->331 332 7ff61fbb38a9-7ff61fbb38b1 call 7ff61fba3574 329->332 330->332 333 7ff61fbb3951-7ff61fbb395c 331->333 334 7ff61fbb3931-7ff61fbb3935 331->334 332->307 337 7ff61fbb3a00 333->337 338 7ff61fbb3962-7ff61fbb3966 333->338 334->333 336 7ff61fbb3937-7ff61fbb394c 334->336 336->333 337->307 338->337 339 7ff61fbb396c-7ff61fbb39b1 CloseHandle CreateFileW 338->339 341 7ff61fbb39b3-7ff61fbb39e1 GetLastError call 7ff61fb90df4 call 7ff61fbaaec0 339->341 342 7ff61fbb39e6-7ff61fbb39fb 339->342 341->342 342->337
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: File$CreateErrorLast$CloseHandle$Type
    • String ID:
    • API String ID: 352418905-0
    • Opcode ID: 1683614fd7384c168ded3005eaa0a013fd8659bb665d2677337498cc904a72ea
    • Instruction ID: 13ccfe44a8dcf9197400e34ab591c63f53359eb14c5498a7b75b0c13f459724a
    • Opcode Fuzzy Hash: 1683614fd7384c168ded3005eaa0a013fd8659bb665d2677337498cc904a72ea
    • Instruction Fuzzy Hash: FCC1CE32B29E4286EB20DFA9C4916AC3761FB4AFA8B054625DF1E97394DF38E455C340
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA8F40 Relevance: 9.3, APIs: 6, Instructions: 335timeCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 474 7ff61fba8f40-7ff61fba8f7b call 7ff61fba8638 call 7ff61fba8640 call 7ff61fba86a8 481 7ff61fba8f81-7ff61fba8f8c call 7ff61fba8648 474->481 482 7ff61fba91a5-7ff61fba91f1 call 7ff61fb883f0 call 7ff61fba8638 call 7ff61fba8640 call 7ff61fba86a8 474->482 481->482 487 7ff61fba8f92-7ff61fba8f9c 481->487 508 7ff61fba932f-7ff61fba939d call 7ff61fb883f0 call 7ff61fb9992c 482->508 509 7ff61fba91f7-7ff61fba9202 call 7ff61fba8648 482->509 489 7ff61fba8fbe-7ff61fba8fc2 487->489 490 7ff61fba8f9e-7ff61fba8fa1 487->490 494 7ff61fba8fc5-7ff61fba8fcd 489->494 493 7ff61fba8fa4-7ff61fba8faf 490->493 496 7ff61fba8fb1-7ff61fba8fb8 493->496 497 7ff61fba8fba-7ff61fba8fbc 493->497 494->494 498 7ff61fba8fcf-7ff61fba8fe2 call 7ff61fba2fcc 494->498 496->493 496->497 497->489 501 7ff61fba8feb-7ff61fba8ff9 497->501 504 7ff61fba8fe4-7ff61fba8fe6 call 7ff61fba1974 498->504 505 7ff61fba8ffa-7ff61fba9006 call 7ff61fba1974 498->505 504->501 515 7ff61fba900d-7ff61fba9015 505->515 527 7ff61fba939f-7ff61fba93a6 508->527 528 7ff61fba93ab-7ff61fba93ae 508->528 509->508 517 7ff61fba9208-7ff61fba9213 call 7ff61fba8678 509->517 515->515 518 7ff61fba9017-7ff61fba9028 call 7ff61fba1c3c 515->518 517->508 526 7ff61fba9219-7ff61fba923c call 7ff61fba1974 GetTimeZoneInformation 517->526 518->482 529 7ff61fba902e-7ff61fba9084 call 7ff61fb82f50 * 4 call 7ff61fba8e5c 518->529 542 7ff61fba9304-7ff61fba932e call 7ff61fba8630 call 7ff61fba8620 call 7ff61fba8628 526->542 543 7ff61fba9242-7ff61fba9263 526->543 531 7ff61fba943b-7ff61fba943e 527->531 532 7ff61fba93b0 528->532 533 7ff61fba93e5-7ff61fba93f8 call 7ff61fba2fcc 528->533 586 7ff61fba9086-7ff61fba908a 529->586 535 7ff61fba9444-7ff61fba944c call 7ff61fba8f40 531->535 536 7ff61fba93b3 call 7ff61fba91bc 531->536 532->536 550 7ff61fba9403-7ff61fba941e call 7ff61fb9992c 533->550 551 7ff61fba93fa 533->551 546 7ff61fba93b8-7ff61fba93e4 call 7ff61fba1974 call 7ff61fb819e0 535->546 536->546 552 7ff61fba926e-7ff61fba9275 543->552 553 7ff61fba9265-7ff61fba926b 543->553 573 7ff61fba9420-7ff61fba9423 550->573 574 7ff61fba9425-7ff61fba9437 call 7ff61fba1974 550->574 559 7ff61fba93fc-7ff61fba9401 call 7ff61fba1974 551->559 556 7ff61fba9289 552->556 557 7ff61fba9277-7ff61fba927f 552->557 553->552 564 7ff61fba928b-7ff61fba92ff call 7ff61fb82f50 * 4 call 7ff61fb9b8a0 call 7ff61fba9454 * 2 556->564 557->556 563 7ff61fba9281-7ff61fba9287 557->563 559->532 563->564 564->542 573->559 574->531 588 7ff61fba9090-7ff61fba9094 586->588 589 7ff61fba908c 586->589 588->586 591 7ff61fba9096-7ff61fba90bb call 7ff61fb958bc 588->591 589->588 597 7ff61fba90be-7ff61fba90c2 591->597 599 7ff61fba90d1-7ff61fba90d5 597->599 600 7ff61fba90c4-7ff61fba90cf 597->600 599->597 600->599 602 7ff61fba90d7-7ff61fba90db 600->602 605 7ff61fba915c-7ff61fba9160 602->605 606 7ff61fba90dd-7ff61fba9105 call 7ff61fb958bc 602->606 608 7ff61fba9162-7ff61fba9164 605->608 609 7ff61fba9167-7ff61fba9174 605->609 614 7ff61fba9123-7ff61fba9127 606->614 615 7ff61fba9107 606->615 608->609 610 7ff61fba918f-7ff61fba919e call 7ff61fba8630 call 7ff61fba8620 609->610 611 7ff61fba9176-7ff61fba918c call 7ff61fba8e5c 609->611 610->482 611->610 614->605 620 7ff61fba9129-7ff61fba9147 call 7ff61fb958bc 614->620 618 7ff61fba910a-7ff61fba9111 615->618 618->614 621 7ff61fba9113-7ff61fba9121 618->621 626 7ff61fba9153-7ff61fba915a 620->626 621->614 621->618 626->605 627 7ff61fba9149-7ff61fba914d 626->627 627->605 628 7ff61fba914f 627->628 628->626
    APIs
    • _get_daylight.LIBCMT ref: 00007FF61FBA8F74
    • _get_daylight.LIBCMT ref: 00007FF61FBA8F85
      • Part of subcall function 00007FF61FBA1974: HeapFree.KERNEL32(?,?,?,00007FF61FBAEC72,?,?,?,00007FF61FBAEFEF,?,?,00000000,00007FF61FBAF401,?,?,?,00007FF61FBAF333), ref: 00007FF61FBA198A
      • Part of subcall function 00007FF61FBA1974: GetLastError.KERNEL32(?,?,?,00007FF61FBAEC72,?,?,?,00007FF61FBAEFEF,?,?,00000000,00007FF61FBAF401,?,?,?,00007FF61FBAF333), ref: 00007FF61FBA1994
      • Part of subcall function 00007FF61FB883F0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF61FB8839F,?,?,?,?,?,00007FF61FB8828A), ref: 00007FF61FB883F9
      • Part of subcall function 00007FF61FB883F0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF61FB8839F,?,?,?,?,?,00007FF61FB8828A), ref: 00007FF61FB8841E
    • _get_daylight.LIBCMT ref: 00007FF61FBA91EA
    • _get_daylight.LIBCMT ref: 00007FF61FBA91FB
    • _get_daylight.LIBCMT ref: 00007FF61FBA920C
    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,00007FF61FBA944C), ref: 00007FF61FBA9233
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: _get_daylight$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
    • String ID:
    • API String ID: 4054679499-0
    • Opcode ID: a7f7fa46eaa73e1857a3f596e8ff0e5331f4960e32c0882fbc5e577b30e026b8
    • Instruction ID: 552618e690cf4da006768672e33e89e8a8f4f56bf53a3d2b27338c8442976e30
    • Opcode Fuzzy Hash: a7f7fa46eaa73e1857a3f596e8ff0e5331f4960e32c0882fbc5e577b30e026b8
    • Instruction Fuzzy Hash: 91D19036A18A4286EB30EF25D8501B967A1FF8AFA4F444135EA4EC7AE5DF3CE441D740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA91BC Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON
    Download Yara Rule
    APIs
    • _get_daylight.LIBCMT ref: 00007FF61FBA91EA
    • _get_daylight.LIBCMT ref: 00007FF61FBA91FB
    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,00007FF61FBA944C), ref: 00007FF61FBA9233
    • _get_daylight.LIBCMT ref: 00007FF61FBA920C
      • Part of subcall function 00007FF61FBA1974: HeapFree.KERNEL32(?,?,?,00007FF61FBAEC72,?,?,?,00007FF61FBAEFEF,?,?,00000000,00007FF61FBAF401,?,?,?,00007FF61FBAF333), ref: 00007FF61FBA198A
      • Part of subcall function 00007FF61FBA1974: GetLastError.KERNEL32(?,?,?,00007FF61FBAEC72,?,?,?,00007FF61FBAEFEF,?,?,00000000,00007FF61FBAF401,?,?,?,00007FF61FBAF333), ref: 00007FF61FBA1994
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: _get_daylight$ErrorFreeHeapInformationLastTimeZone
    • String ID:
    • API String ID: 3260271300-0
    • Opcode ID: 0771239589c8968552cd0ffe429b660eb41cee14c553c906557ce3ec17d04c60
    • Instruction ID: 82e5b96ac25b431ea7d3989565f4de8529518bce175a5cc90eacc56ec693a5a5
    • Opcode Fuzzy Hash: 0771239589c8968552cd0ffe429b660eb41cee14c553c906557ce3ec17d04c60
    • Instruction Fuzzy Hash: 36518236A18E4286F730DF25E8801AA67A1FF89FA4F445135EA4EC3AA5DF3CE401D740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA4F1A0 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 279COMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 0 7ff61fa4f1a0-7ff61fa4f1d7 call 7ff61fa2e268 3 7ff61fa4f1d9-7ff61fa4f200 call 7ff61fa305f4 0->3 4 7ff61fa4f205-7ff61fa4f2b2 call 7ff61fa2c758 call 7ff61fa12f1c call 7ff61fa384dc call 7ff61fa16550 call 7ff61fa45784 call 7ff61fa41ebc 0->4 10 7ff61fa4f7f7-7ff61fa4f80e call 7ff61fb819e0 3->10 21 7ff61fa4f2b7-7ff61fa4f37c call 7ff61fa2cf4c call 7ff61fa305f4 call 7ff61fa2cf4c call 7ff61fa2c758 call 7ff61fa0a898 call 7ff61fa202b4 4->21 35 7ff61fa4f382-7ff61fa4f404 call 7ff61fa2c758 call 7ff61fa59d3c call 7ff61fa5a768 call 7ff61fa2e268 21->35 36 7ff61fa4f751-7ff61fa4f760 call 7ff61fa2e268 21->36 58 7ff61fa4f406-7ff61fa4f412 35->58 59 7ff61fa4f414-7ff61fa4f41b 35->59 41 7ff61fa4f7a8-7ff61fa4f7ef call 7ff61fa2cc74 SafeRWList call 7ff61fa305f4 call 7ff61fa2cc74 36->41 42 7ff61fa4f762-7ff61fa4f7a7 call 7ff61fa617e4 call 7ff61fa2cf4c 36->42 41->10 42->41 61 7ff61fa4f420-7ff61fa4f544 call 7ff61fa541b0 call 7ff61fa2a208 call 7ff61fa2cf4c Concurrency::details::WorkQueue::IsStructuredEmpty call 7ff61fa35dc0 call 7ff61fa2a208 call 7ff61fa2cf4c call 7ff61fa543a4 58->61 59->61 77 7ff61fa4f54a-7ff61fa4f5e7 call 7ff61fa4ddec call 7ff61fa53d34 call 7ff61fa2a208 call 7ff61fa2cf4c 61->77 78 7ff61fa4f5ec-7ff61fa4f60f call 7ff61fa543a4 61->78 100 7ff61fa4f732-7ff61fa4f74c call 7ff61fa62358 call 7ff61fa2cc74 77->100 84 7ff61fa4f6b3-7ff61fa4f725 call 7ff61fa35dc0 call 7ff61fa2a208 78->84 85 7ff61fa4f615-7ff61fa4f6b1 call 7ff61fa543a4 call 7ff61fa393a0 call 7ff61fa2a208 call 7ff61fa2cf4c 78->85 84->100 101 7ff61fa4f72d call 7ff61fa2cf4c 84->101 85->100 101->100
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcTask$Concurrency::details::_ThunkThunk::_shared_ptr
    • String ID: /neutralino.config.json$add$bool$int$path$replace$true$value$value$value
    • API String ID: 2050219756-3961192436
    • Opcode ID: 245bc84785fd2c131b324a7a65030b7b030315a4e35d140014170a52984dd492
    • Instruction ID: 7ca394fe08419fb59d143c9ba50538eccf6665a98eca1bd56a50b082776833c2
    • Opcode Fuzzy Hash: 245bc84785fd2c131b324a7a65030b7b030315a4e35d140014170a52984dd492
    • Instruction Fuzzy Hash: 73F1C53260DFC2D5DA70DB15E8912EAB3A4FB85B90F405236EA8D87B69DF2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1FD68 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 193COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    • _CallMemberFunction0.LIBCPMTD ref: 00007FF61FB1FF11
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
      • Part of subcall function 00007FF61FA32C10: std::bad_exception::~bad_exception.LIBCMTD ref: 00007FF61FA32C3A
    • shared_ptr.LIBCMTD ref: 00007FF61FB1FF95
    • shared_ptr.LIBCMTD ref: 00007FF61FB2009C
    • ~.LIBCPMTD ref: 00007FF61FB20149
      • Part of subcall function 00007FF61FA8FED8: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FA8FF21
      • Part of subcall function 00007FF61FA6F328: char_traits.LIBCPMTD ref: 00007FF61FA6F349
      • Part of subcall function 00007FF61FA6EE58: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA6EE7A
      • Part of subcall function 00007FF61FA6F328: std::ios_base::width.LIBCPMTD ref: 00007FF61FA6F6B2
      • Part of subcall function 00007FF61FA9B478: std::ios_base::getloc.LIBCPMTD ref: 00007FF61FA9B4ED
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyProcessorQueue::StructuredVirtualWorkshared_ptr$CallConcurrency::Function0MemberRootRoot::char_traitsstd::bad_exception::~bad_exceptionstd::ios_base::getlocstd::ios_base::width
    • String ID: ) [validId$ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $Invalid logger ID [$] WITH MESSAGE "$]. Not registering this logger.
    • API String ID: 2733344608-1161900074
    • Opcode ID: ac0d6ee09391a1669d07a3331ce5e019960ef6bed9db9976911cd92267e4343b
    • Instruction ID: 39bdbb85eca143a4481a72298f23fa44ae3a6e22ae39ef4be4e54ef343666e96
    • Opcode Fuzzy Hash: ac0d6ee09391a1669d07a3331ce5e019960ef6bed9db9976911cd92267e4343b
    • Instruction Fuzzy Hash: 36A1F92660DFC681EA70DB15F4943AAB3A0FBC5B90F404132EA8D87B6ADF2DD145CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA25E34 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 63threadCOMMON
    Download Yara Rule

    Control-flow Graph

    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA14E28: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA14E3B
      • Part of subcall function 00007FF61FA14E28: LoadLibraryA.KERNELBASE(?,?,?,?,00007FF61FA25E7A), ref: 00007FF61FA14E43
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • GetSystemDirectoryA.KERNEL32 ref: 00007FF61FA25E8C
    • GetSystemDirectoryA.KERNEL32 ref: 00007FF61FA25EBC
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA25EF1
    • CreateActCtxA.KERNEL32 ref: 00007FF61FA25F1A
    • Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam.LIBCMTD ref: 00007FF61FA25F35
      • Part of subcall function 00007FF61FA16DEC: FreeLibrary.KERNELBASE ref: 00007FF61FA16E08
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::$EmptyQueue::StructuredWork$DirectoryFreeInitialLibrarySystemThread$CreateLoadParamParam::~ProcessorRoot::Virtualchar_traits
    • String ID: 8$comdlg32.dll$shell32.dll$|
    • API String ID: 170406098-4237949593
    • Opcode ID: 7bf126ca0e28e29065bf1acda3acab569e195be43a4ccf4efd949051a7d54634
    • Instruction ID: 5f33d1c8aa7e0be9b2b833a8ac1638529c565aa50d2e034c9d6b7f61ff165557
    • Opcode Fuzzy Hash: 7bf126ca0e28e29065bf1acda3acab569e195be43a4ccf4efd949051a7d54634
    • Instruction Fuzzy Hash: 1D314D32A1CE8196E760DB24F4513AAB3B1FBC5764F415136E68E83A69EF3CD505CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB24E44 Relevance: 15.2, APIs: 10, Instructions: 214COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::ListPtr_baseSafeWork$Base::ContextIdentityQueue$shared_ptr$Concurrency::details::_EmptyQueue::SchedulerScheduler::_Structured
    • String ID:
    • API String ID: 887668581-0
    • Opcode ID: a3c2dac85d4c2ce34af3879b4d5ce3103566935b38bba6cf1fb051d7e7840269
    • Instruction ID: 26b3020d9bab0560a570e2df4b799d7297167821d96e42ae01461af7883ae7c7
    • Opcode Fuzzy Hash: a3c2dac85d4c2ce34af3879b4d5ce3103566935b38bba6cf1fb051d7e7840269
    • Instruction Fuzzy Hash: 87C19F72609FCA85DAB19B55E4813EEB3A0FBC9B90F404126DA8D87B69DF3CD155CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB20B08 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 168COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
      • Part of subcall function 00007FF61FB2EFFC: shared_ptr.LIBCMTD ref: 00007FF61FB2F020
    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FB20B8A
      • Part of subcall function 00007FF61FB2EFA8: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FB2EFB6
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FB1FD68: _CallMemberFunction0.LIBCPMTD ref: 00007FF61FB1FF11
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • shared_ptr.LIBCMTD ref: 00007FF61FB20D21
    • shared_ptr.LIBCMTD ref: 00007FF61FB20D37
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorVirtual$shared_ptr$Concurrency::RootRoot::$CallConcurrency::details::EmptyFunction0MemberQueue::StructuredWorkchar_traits
    • String ID: DefaultLogDispatchCallback$default
    • API String ID: 3451348287-1579782929
    • Opcode ID: 0ec04e52a3692c7c38070762d87602f792ef5843103cd63cb49b8dcca1079ad4
    • Instruction ID: f91ff66c10a8f2dd7aba3096aa212854bae65db2f014aab8a7ac011ee8d4b36d
    • Opcode Fuzzy Hash: 0ec04e52a3692c7c38070762d87602f792ef5843103cd63cb49b8dcca1079ad4
    • Instruction Fuzzy Hash: 0781D476609F8581EA70DB15F4913AEB7A0FBCAB90F404135EACD87B6ADE3DD0558B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB218F0 Relevance: 8.0, APIs: 5, Instructions: 520COMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 762 7ff61fb218f0-7ff61fb219bb call 7ff61fb373cc call 7ff61fb35dc0 call 7ff61fa08200 call 7ff61fb1d600 call 7ff61fa25548 call 7ff61fa12e8c call 7ff61fb370fc 777 7ff61fb219bd-7ff61fb21a0f call 7ff61fb373cc call 7ff61fb37678 call 7ff61fa12f1c call 7ff61fb17fa4 call 7ff61fa16550 762->777 778 7ff61fb21a14-7ff61fb21a28 call 7ff61fb370fc 762->778 777->778 784 7ff61fb21b18-7ff61fb21b2c call 7ff61fb370fc 778->784 785 7ff61fb21a2e-7ff61fb21b13 call 7ff61fa07364 call 7ff61fb17464 call 7ff61fb36fbc call 7ff61fa12f1c call 7ff61fb17fa4 call 7ff61fa16550 * 3 778->785 792 7ff61fb21c00-7ff61fb21c14 call 7ff61fb370fc 784->792 793 7ff61fb21b32-7ff61fb21b85 call 7ff61fa08200 call 7ff61fb1d63c call 7ff61fa494c0 call 7ff61fa25b88 call 7ff61fb18958 784->793 785->784 806 7ff61fb21c16-7ff61fb21c66 call 7ff61fa25548 call 7ff61fa12f1c call 7ff61fb17fa4 call 7ff61fa16550 792->806 807 7ff61fb21c6b-7ff61fb21c7f call 7ff61fb370fc 792->807 841 7ff61fb21b8a-7ff61fb21bfb call 7ff61fa12f1c call 7ff61fb17fa4 call 7ff61fa16550 * 2 793->841 806->807 817 7ff61fb21d4d-7ff61fb21d61 call 7ff61fb370fc 807->817 818 7ff61fb21c85-7ff61fb21d48 call 7ff61fb184c0 call 7ff61fa1fe0c call 7ff61fa25b88 call 7ff61fb17828 call 7ff61fa12f1c * 2 call 7ff61fb17fa4 call 7ff61fa16550 * 2 807->818 833 7ff61fb21d67-7ff61fb21e46 call 7ff61fb184c0 call 7ff61fa1fe0c call 7ff61fb178e8 call 7ff61fa12f1c * 2 call 7ff61fb17fa4 call 7ff61fa16550 * 2 817->833 834 7ff61fb21e4b-7ff61fb21e5f call 7ff61fb370fc 817->834 818->817 833->834 851 7ff61fb21f36-7ff61fb21f4a call 7ff61fb370fc 834->851 852 7ff61fb21e65-7ff61fb21f31 call 7ff61fb184c0 call 7ff61fb372f4 call 7ff61fb18304 call 7ff61fa12f1c * 2 call 7ff61fb17fa4 call 7ff61fa16550 * 2 834->852 841->792 867 7ff61fb21f50-7ff61fb2207e call 7ff61fb184c0 call 7ff61fa1fe0c call 7ff61fa25b88 call 7ff61fb17828 call 7ff61fb18458 * 2 call 7ff61fb372f4 call 7ff61fb18304 call 7ff61fa12f1c * 2 call 7ff61fb17fa4 call 7ff61fa16550 * 2 851->867 868 7ff61fb22083-7ff61fb22093 call 7ff61fa08200 851->868 852->851 867->868 883 7ff61fb22099-7ff61fb220ad call 7ff61fb370fc 868->883 884 7ff61fb22185-7ff61fb22199 call 7ff61fb370fc 868->884 883->884 904 7ff61fb220b3-7ff61fb22180 call 7ff61fb184c0 call 7ff61fb37fb4 call 7ff61fb18304 call 7ff61fa12f1c * 2 call 7ff61fb17fa4 call 7ff61fa16550 * 2 883->904 905 7ff61fb2219b-7ff61fb221eb call 7ff61fb36b54 call 7ff61fa12f1c call 7ff61fb17fa4 call 7ff61fa16550 884->905 906 7ff61fb221f0-7ff61fb22292 call 7ff61fa07364 call 7ff61fb368bc call 7ff61fb2dbe0 call 7ff61fa07364 call 7ff61fb368a8 call 7ff61fa37374 call 7ff61fa07364 call 7ff61fb368a8 call 7ff61fa377b8 call 7ff61fa178f0 884->906 904->884 905->906 981 7ff61fb22298-7ff61fb223e9 call 7ff61fa0a898 * 2 call 7ff61fa12f1c call 7ff61fa081f4 call 7ff61fa26608 call 7ff61fa25a70 call 7ff61fa39750 call 7ff61fa0a898 call 7ff61fa1fe0c call 7ff61fa18918 call 7ff61fb17fa4 call 7ff61fa16550 * 3 906->981 982 7ff61fb223ee-7ff61fb223f8 906->982 983 7ff61fb223fa-7ff61fb22409 call 7ff61fa46d04 982->983 984 7ff61fb2240e-7ff61fb22469 call 7ff61fa12e0c call 7ff61fb2f0fc call 7ff61fa16550 call 7ff61fb819e0 982->984 983->984
    APIs
      • Part of subcall function 00007FF61FA12E8C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA12EA9
    • std::current_exception.LIBCMTD ref: 00007FF61FB21A4A
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB21CA7
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB21F77
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB21B60
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$char_traitsstd::current_exception
    • String ID:
    • API String ID: 2954733057-0
    • Opcode ID: d7bd6e193216cc878edba54d512c5e2591f41086e500b91d486ba324706a6a92
    • Instruction ID: 306e0aab017664a663670240a7c2fcf6ff538729517cc79b687a6368ea2a6464
    • Opcode Fuzzy Hash: d7bd6e193216cc878edba54d512c5e2591f41086e500b91d486ba324706a6a92
    • Instruction Fuzzy Hash: 2342F76260DEC291EA70EB15E8513EFB360FBC5B50F405132E68DC7AAAEE2DD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1E724 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
      • Part of subcall function 00007FF61FB1E39C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB1E408
      • Part of subcall function 00007FF61FB1E39C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB1E46E
      • Part of subcall function 00007FF61FB1E39C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB1E4A6
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FB1E814
    • SafeRWList.LIBCMTD ref: 00007FF61FB1E82A
    • SafeRWList.LIBCMTD ref: 00007FF61FB1E847
      • Part of subcall function 00007FF61FA6F328: char_traits.LIBCPMTD ref: 00007FF61FA6F349
      • Part of subcall function 00007FF61FA6F328: std::ios_base::width.LIBCPMTD ref: 00007FF61FA6F6B2
    Strings
    • Could not load empty file for logging, please re-check your configurations for level [, xrefs: 00007FF61FB1E777
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ListSafe$Fac_nodeFac_node::_char_traitsstd::_std::ios_base::width
    • String ID: Could not load empty file for logging, please re-check your configurations for level [
    • API String ID: 2897330207-3023662395
    • Opcode ID: 0ff6b9c14179d325931eaa2f8c2e036dd505fd2c213bf3049edf0c0cd883748c
    • Instruction ID: ea2362bdb889dc0ff3583d0f3cd43c82fbbf0f7a2063dc936c847edc23ba87f8
    • Opcode Fuzzy Hash: 0ff6b9c14179d325931eaa2f8c2e036dd505fd2c213bf3049edf0c0cd883748c
    • Instruction Fuzzy Hash: 60413761A1DE8292EA20DB15F4513BEB361FFC6B60F801136E68DC769ADF6CE505CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1E8AC Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 72COMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB1E9BA
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID: fileStream$filename$maxLogFileSize
    • API String ID: 1865873047-804276554
    • Opcode ID: 34b1d1f221e2d6584aef1ca872b35e1955801f5bf70445e6c8b1da8bd3171853
    • Instruction ID: f93a5a6dad473da4ff10392961460dd9d2947d434a88c94b410fe6dba05bc46b
    • Opcode Fuzzy Hash: 34b1d1f221e2d6584aef1ca872b35e1955801f5bf70445e6c8b1da8bd3171853
    • Instruction Fuzzy Hash: 97313B32A1CE8181EA70DB11F4513AAA770FBC6BA4F504135EA8DC7B6ADE3CE505CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA431C Relevance: 6.2, APIs: 4, Instructions: 219COMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 1090 7ff61fba431c-7ff61fba4341 1091 7ff61fba460f 1090->1091 1092 7ff61fba4347-7ff61fba434a 1090->1092 1095 7ff61fba4611-7ff61fba4621 1091->1095 1093 7ff61fba4383-7ff61fba43af 1092->1093 1094 7ff61fba434c-7ff61fba437e call 7ff61fb882d4 1092->1094 1097 7ff61fba43b1-7ff61fba43b8 1093->1097 1098 7ff61fba43ba-7ff61fba43c0 1093->1098 1094->1095 1097->1094 1097->1098 1100 7ff61fba43d0-7ff61fba43e5 call 7ff61fbb0be8 1098->1100 1101 7ff61fba43c2-7ff61fba43cb call 7ff61fba5e30 1098->1101 1105 7ff61fba44ff-7ff61fba4508 1100->1105 1106 7ff61fba43eb-7ff61fba43f4 1100->1106 1101->1100 1107 7ff61fba450a-7ff61fba4510 1105->1107 1108 7ff61fba455c-7ff61fba4581 WriteFile 1105->1108 1106->1105 1109 7ff61fba43fa-7ff61fba43fe 1106->1109 1114 7ff61fba4512-7ff61fba4515 1107->1114 1115 7ff61fba4548-7ff61fba4555 call 7ff61fba3dd4 1107->1115 1112 7ff61fba4583-7ff61fba4589 GetLastError 1108->1112 1113 7ff61fba458c 1108->1113 1110 7ff61fba440f-7ff61fba441a 1109->1110 1111 7ff61fba4400-7ff61fba4408 call 7ff61fb90420 1109->1111 1117 7ff61fba442b-7ff61fba4440 GetConsoleMode 1110->1117 1118 7ff61fba441c-7ff61fba4425 1110->1118 1111->1110 1112->1113 1120 7ff61fba458f 1113->1120 1121 7ff61fba4534-7ff61fba4546 call 7ff61fba3ff4 1114->1121 1122 7ff61fba4517-7ff61fba451a 1114->1122 1127 7ff61fba455a 1115->1127 1125 7ff61fba4446-7ff61fba444c 1117->1125 1126 7ff61fba44f8 1117->1126 1118->1105 1118->1117 1128 7ff61fba4594 1120->1128 1135 7ff61fba44ec-7ff61fba44f3 1121->1135 1129 7ff61fba45a0-7ff61fba45aa 1122->1129 1130 7ff61fba4520-7ff61fba4532 call 7ff61fba3ed8 1122->1130 1133 7ff61fba4452-7ff61fba4455 1125->1133 1134 7ff61fba44d5-7ff61fba44e7 call 7ff61fba395c 1125->1134 1126->1105 1127->1135 1136 7ff61fba4599 1128->1136 1137 7ff61fba4608-7ff61fba460d 1129->1137 1138 7ff61fba45ac-7ff61fba45b1 1129->1138 1130->1135 1142 7ff61fba4460-7ff61fba446e 1133->1142 1143 7ff61fba4457-7ff61fba445a 1133->1143 1134->1135 1135->1128 1136->1129 1137->1095 1139 7ff61fba45df-7ff61fba45e9 1138->1139 1140 7ff61fba45b3-7ff61fba45b6 1138->1140 1147 7ff61fba45f0-7ff61fba45ff 1139->1147 1148 7ff61fba45eb-7ff61fba45ee 1139->1148 1145 7ff61fba45cf-7ff61fba45da call 7ff61fb90e3c 1140->1145 1146 7ff61fba45b8-7ff61fba45c7 1140->1146 1149 7ff61fba4470 1142->1149 1150 7ff61fba44cc-7ff61fba44d0 1142->1150 1143->1136 1143->1142 1145->1139 1146->1145 1147->1137 1148->1091 1148->1147 1152 7ff61fba4474-7ff61fba448b call 7ff61fbb0e30 1149->1152 1150->1120 1156 7ff61fba44c3-7ff61fba44c9 GetLastError 1152->1156 1157 7ff61fba448d-7ff61fba4499 1152->1157 1156->1150 1158 7ff61fba44b8-7ff61fba44bf 1157->1158 1159 7ff61fba449b-7ff61fba44ad call 7ff61fbb0e30 1157->1159 1158->1150 1161 7ff61fba44c1 1158->1161 1159->1156 1163 7ff61fba44af-7ff61fba44b6 1159->1163 1161->1152 1163->1158
    APIs
    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF61FBA4307), ref: 00007FF61FBA4438
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF61FBA4307), ref: 00007FF61FBA44C3
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ConsoleErrorLastMode
    • String ID:
    • API String ID: 953036326-0
    • Opcode ID: bca0275e491b0bd6f39dffb9a24d6380cb0aa89da50e9c2588ee4c3e32bc965d
    • Instruction ID: b84f0a99d96dbf06a66785a646be48aa4b8012a4881b5fc34ee6ab2a9f896de2
    • Opcode Fuzzy Hash: bca0275e491b0bd6f39dffb9a24d6380cb0aa89da50e9c2588ee4c3e32bc965d
    • Instruction Fuzzy Hash: DC919D72A18E52C5F770DF6994402BD2BE4AB46FA8F144139DE0E96AA9DF3CD446C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE40A4 Relevance: 6.2, APIs: 4, Instructions: 156COMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    APIs
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA317D0
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA317FC
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3182E
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA31851
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA3187E
      • Part of subcall function 00007FF61FAECA50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAECA6D
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF61FAE4142
    • SafeRWList.LIBCMTD ref: 00007FF61FAE418F
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FAE42B7
      • Part of subcall function 00007FF61FA46D78: std::bad_exception::~bad_exception.LIBCMTD ref: 00007FF61FA46DA2
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::$EmptyQueue::StructuredWork$ByteCharMultiWide$Concurrency::details::_CriticalListLock::_ProcessorProxyReentrantRoot::SafeSchedulerScoped_lockScoped_lock::~_Virtualstd::bad_exception::~bad_exception
    • String ID:
    • API String ID: 3364796599-0
    • Opcode ID: eda018b4fd675a99fe42fc1f03a9dbf2070b8def5e4df4efe848dda2778ad0dc
    • Instruction ID: 06037bd1b04367eff6aebed2560ac970b4d59dc6ab5b87cf5856829a834aa5b6
    • Opcode Fuzzy Hash: eda018b4fd675a99fe42fc1f03a9dbf2070b8def5e4df4efe848dda2778ad0dc
    • Instruction Fuzzy Hash: E781C936619EC6C1DA60DB15E4913AEB360FBD5BA0F405231EA8D87BAADF3CD445CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA18460 Relevance: 6.1, APIs: 4, Instructions: 60windowCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA04D80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA04DC4
      • Part of subcall function 00007FF61FA04D80: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA04DF0
      • Part of subcall function 00007FF61FA04D80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA04E22
      • Part of subcall function 00007FF61FA04D80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA04E45
      • Part of subcall function 00007FF61FA04D80: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA04E72
      • Part of subcall function 00007FF61FA15684: _Init_thread_footer.LIBCMT ref: 00007FF61FA156EB
      • Part of subcall function 00007FF61FA15684: ActivateActCtx.KERNEL32 ref: 00007FF61FA15709
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA184DF
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA184EE
    • GetActiveWindow.USER32 ref: 00007FF61FA184F8
    • MessageBoxW.USER32 ref: 00007FF61FA18517
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA16FD4: DeactivateActCtx.KERNEL32 ref: 00007FF61FA16FE7
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWide$ActivateActiveDeactivateInit_thread_footerMessageWindowchar_traits
    • String ID:
    • API String ID: 2104785063-0
    • Opcode ID: 108de08525635e2920ccf70db52cf42fab9e1da38a32b3dc66011f13102f66dc
    • Instruction ID: 0a6a936a39b9421ffbdb152cc6adccbef3ffc4d0c0438b70cbb0e6e318e1d520
    • Opcode Fuzzy Hash: 108de08525635e2920ccf70db52cf42fab9e1da38a32b3dc66011f13102f66dc
    • Instruction Fuzzy Hash: 8631067260DA8186DA20DB15F4912AAB7A0FBC6B94F405136EACE83B69DF2DD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB5F038 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: HandleModuleMtx_unlock$CallbackFreeLibraryReturnsWhen
    • String ID:
    • API String ID: 640058810-0
    • Opcode ID: 6cc97a605b0b154df51a047c2472126a32a3ba8acd49a5af7f208dd7ec2f8055
    • Instruction ID: 79b51941dedecb7381ab289eaae9830bdfbb0b428d741bd9baf5ffb75e673798
    • Opcode Fuzzy Hash: 6cc97a605b0b154df51a047c2472126a32a3ba8acd49a5af7f208dd7ec2f8055
    • Instruction Fuzzy Hash: 19215E21E0DE0741FE24AB25F9911B96371AF96FE4F184432D90DC22B6EF2DE846C301
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA38F44 Relevance: 4.7, APIs: 3, Instructions: 156COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_fposshared_ptrstd::bad_exception::~bad_exception
    • String ID:
    • API String ID: 2417882248-0
    • Opcode ID: 37ced8c6f37e753bae83456350f797afeb841ebd7230e61a8f8550a8ac2eb5f7
    • Instruction ID: 7f616258205f2a43661f31e8aa7daf2db14511ee6eacdb77a1644996535b33f4
    • Opcode Fuzzy Hash: 37ced8c6f37e753bae83456350f797afeb841ebd7230e61a8f8550a8ac2eb5f7
    • Instruction Fuzzy Hash: 2E81D63261DEC1D5DA60DB25E4913EEB7A1FBC5B90F805136E68D83B6ADE2CD505CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1F2A8 Relevance: 4.6, APIs: 3, Instructions: 75COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FB2EFFC: shared_ptr.LIBCMTD ref: 00007FF61FB2F020
    • DNameNode::DNameNode.LIBCMTD ref: 00007FF61FB1F2D7
      • Part of subcall function 00007FF61FA12E8C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA12EA9
      • Part of subcall function 00007FF61FA8FED8: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FA8FF21
      • Part of subcall function 00007FF61FB1ADD4: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FB1ADE2
    • shared_ptr.LIBCMTD ref: 00007FF61FB1F3A7
      • Part of subcall function 00007FF61FA13960: _Ptr_base.LIBCMTD ref: 00007FF61FA13973
    • shared_ptr.LIBCMTD ref: 00007FF61FB1F3BB
      • Part of subcall function 00007FF61FA13994: _Ptr_base.LIBCMTD ref: 00007FF61FA139A2
      • Part of subcall function 00007FF61FB1FAF8: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FB1FB46
      • Part of subcall function 00007FF61FB1F6C0: shared_ptr.LIBCMTD ref: 00007FF61FB1F7FB
      • Part of subcall function 00007FF61FA166A0: _Ptr_base.LIBCMTD ref: 00007FF61FA166AE
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorVirtualshared_ptr$Ptr_base$Concurrency::NameRootRoot::$Concurrency::details::EmptyFac_nodeFac_node::_NodeNode::Queue::StructuredWorkstd::_
    • String ID:
    • API String ID: 3997111779-0
    • Opcode ID: af0be2849e0b9045c372ccc96b5fb2e48382f4af5372756f0eadd122a8310af5
    • Instruction ID: 66bafb1425b2dbb777a79eb14f420e269dae61e914689d30b493b7f0833e3648
    • Opcode Fuzzy Hash: af0be2849e0b9045c372ccc96b5fb2e48382f4af5372756f0eadd122a8310af5
    • Instruction Fuzzy Hash: A4310D7260DF8582DA10DB5AE49136FB360FBC6BA4F401035EA8D9776ADEBCD111CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1FC8C Relevance: 4.6, APIs: 3, Instructions: 51COMMON
    Download Yara Rule
    APIs
    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FB1FC9F
    • shared_ptr.LIBCMTD ref: 00007FF61FB1FCCC
      • Part of subcall function 00007FF61FA13960: _Ptr_base.LIBCMTD ref: 00007FF61FA13973
      • Part of subcall function 00007FF61FB1ADD4: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FB1ADE2
    • shared_ptr.LIBCPMTD ref: 00007FF61FB1FCFB
      • Part of subcall function 00007FF61FA1393C: _Ptr_base.LIBCMTD ref: 00007FF61FA1394F
      • Part of subcall function 00007FF61FB2D004: shared_ptr.LIBCMTD ref: 00007FF61FB2D05F
      • Part of subcall function 00007FF61FB2D004: _Ptr_base.LIBCPMTD ref: 00007FF61FB2D082
      • Part of subcall function 00007FF61FA173A0: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA173D4
      • Part of subcall function 00007FF61FA166A0: _Ptr_base.LIBCMTD ref: 00007FF61FA166AE
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorPtr_baseVirtual$shared_ptr$Concurrency::RootRoot::$type_info::_name_internal_method
    • String ID:
    • API String ID: 2411395351-0
    • Opcode ID: 10fa1c15caa1db0f23d44cb9fe67f62ce48eb1f9db0aa88e2b2e1f7a8685cc69
    • Instruction ID: 923e53fa292b29b9b97bfecb71e835695336042a449103867e5af4821bf61231
    • Opcode Fuzzy Hash: 10fa1c15caa1db0f23d44cb9fe67f62ce48eb1f9db0aa88e2b2e1f7a8685cc69
    • Instruction Fuzzy Hash: 1C11B772A1DF8982DE10EB26E45136BB361FFC5B94F401131EA8D83B6ADE2CE0118B44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA17FE0 Relevance: 4.5, APIs: 3, Instructions: 34threadCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Base::Concurrency::details::ContextCurrentEnumIdentityQueueThreadWindowsWork
    • String ID:
    • API String ID: 3160820471-0
    • Opcode ID: 1c3070d5c38b88759c8690e5bccdad43945386c797c82f1fdb97db91a1a455aa
    • Instruction ID: d9ad179fa898cd54c7e180049820f9c136be43d3651a8d1f1ffddfa6f1612eca
    • Opcode Fuzzy Hash: 1c3070d5c38b88759c8690e5bccdad43945386c797c82f1fdb97db91a1a455aa
    • Instruction Fuzzy Hash: 8A018376608B8586DB20DB1AE48115ABBB0FB89B98F504166EB8C83B29DF3DD5518B04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1D7AC Relevance: 3.4, APIs: 2, Instructions: 415COMMON
    Download Yara Rule
    APIs
    • shared_ptr.LIBCMTD ref: 00007FF61FB1DFFA
      • Part of subcall function 00007FF61FA12E8C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA12EA9
      • Part of subcall function 00007FF61FB24D70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FB24D83
      • Part of subcall function 00007FF61FB24D70: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FB24D94
      • Part of subcall function 00007FF61FB24D70: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FB24DAC
      • Part of subcall function 00007FF61FB24D70: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FB24DC4
      • Part of subcall function 00007FF61FB2D5D8: SafeRWList.LIBCMTD ref: 00007FF61FB2D5FA
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Concurrency::details::Work$Base::ContextEmptyIdentityListQueueQueue::SafeStructuredshared_ptr
    • String ID:
    • API String ID: 3946823555-0
    • Opcode ID: 6cd6cf1c30147301492353cfab4eebbdc755c3b75aa9d830d5f74154fbaaabc7
    • Instruction ID: c721c3f4f0055c42f270c082230abb70f4a7060160507df6ce74c3a48e9e9e60
    • Opcode Fuzzy Hash: 6cd6cf1c30147301492353cfab4eebbdc755c3b75aa9d830d5f74154fbaaabc7
    • Instruction Fuzzy Hash: FF22C57261CEC585DA70EB15E4913EEB7A0FBC9B94F404132EA8D87B6ADE2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB215B0 Relevance: 3.2, APIs: 2, Instructions: 169COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CallConcurrency::details::EmptyFunction0MemberQueue::StructuredWork
    • String ID:
    • API String ID: 3848629085-0
    • Opcode ID: c472eb36c9ce3f8a813afbf1358e088a85d585a991d369ac99f4be144e5c726b
    • Instruction ID: 19a991f2eb2b090a1a8705c5330f87e529b414aa4010cfd506c6a835683e36b4
    • Opcode Fuzzy Hash: c472eb36c9ce3f8a813afbf1358e088a85d585a991d369ac99f4be144e5c726b
    • Instruction Fuzzy Hash: 6581CC36A09F8685EA60EB16E45136E77A0FBC6F90F504135EA8DC7B66DF3CE4058B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB22470 Relevance: 3.1, APIs: 2, Instructions: 125COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr
    • String ID:
    • API String ID: 2025160788-0
    • Opcode ID: a7be6b924405d8b3d795790c5d167938044927aa502ef3c5d8168b5a837d3b7f
    • Instruction ID: 9b12c7896a9ea7836bab4d84cf3860930d52bfde73348bda68db8bb4b0a20c39
    • Opcode Fuzzy Hash: a7be6b924405d8b3d795790c5d167938044927aa502ef3c5d8168b5a837d3b7f
    • Instruction Fuzzy Hash: 00511026A1CE8281EB60DB25E4513AE77A0FBC5F90F804132EA8DC77A5DF6DE545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA3DD4 Relevance: 3.1, APIs: 2, Instructions: 74fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID:
    • API String ID: 442123175-0
    • Opcode ID: ce5d9d9fe6a358a57e3fc888bae1bbb56212eadd9040dd56344589f3f637776b
    • Instruction ID: e792a7612682fe034c78f4d60467d520017d2fb66e42d88f59e97cbb0e00c33b
    • Opcode Fuzzy Hash: ce5d9d9fe6a358a57e3fc888bae1bbb56212eadd9040dd56344589f3f637776b
    • Instruction Fuzzy Hash: B231D572A19E8296DB209F25E4402E977A4FB59BD0F484032EB4EC3765DF7DD452C710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA4D05C Relevance: 3.1, APIs: 2, Instructions: 59COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: fpos
    • String ID:
    • API String ID: 1083263101-0
    • Opcode ID: 4558ecc344e45d319764b21ad91792b8f6a29b78e8c402f9242b388a784f4749
    • Instruction ID: d10a9e6dcba5eb673ef883181dda709681c9fad1af7d5b666358bf9a311540fc
    • Opcode Fuzzy Hash: 4558ecc344e45d319764b21ad91792b8f6a29b78e8c402f9242b388a784f4749
    • Instruction Fuzzy Hash: B121EA2660CE82C1DA50DB19E45036EA7B0FBC5FA4F144236EB9D87BA9CF6DD844CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA5C44 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF61FBA5C30,?,?,?,?,?,00007FF61FBA5D39), ref: 00007FF61FBA5C90
    • GetLastError.KERNEL32(?,?,?,?,?,00007FF61FBA5C30,?,?,?,?,?,00007FF61FBA5D39), ref: 00007FF61FBA5C9A
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ErrorFileLastPointer
    • String ID:
    • API String ID: 2976181284-0
    • Opcode ID: cfb30e5b4490e6784e2ac3ae852a9a3e9ebb2087cdb6cfa1d7bf31c2bab4db63
    • Instruction ID: 6d532bc5e8245196e6c9ba1bcf93998e0726e57ac9c26048abf76a2cbe3c07c7
    • Opcode Fuzzy Hash: cfb30e5b4490e6784e2ac3ae852a9a3e9ebb2087cdb6cfa1d7bf31c2bab4db63
    • Instruction Fuzzy Hash: B411A362B08E8281DA208B25B84416DA7A5BB86FF4F544331EE7D87BE9DF7CD1518740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA15684 Relevance: 3.0, APIs: 2, Instructions: 30COMMON
    Download Yara Rule
    APIs
    • ActivateActCtx.KERNEL32 ref: 00007FF61FA15709
      • Part of subcall function 00007FF61FB817C4: EnterCriticalSection.KERNEL32(?,?,-5555555555555556,00007FF61FA025D5,?,?,-5555555555555556,?,BrowserExecutableFolder,00007FF61FA0292A), ref: 00007FF61FB817D4
      • Part of subcall function 00007FF61FA25E34: GetSystemDirectoryA.KERNEL32 ref: 00007FF61FA25E8C
      • Part of subcall function 00007FF61FA25E34: GetSystemDirectoryA.KERNEL32 ref: 00007FF61FA25EBC
      • Part of subcall function 00007FF61FA25E34: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA25EF1
      • Part of subcall function 00007FF61FA25E34: CreateActCtxA.KERNEL32 ref: 00007FF61FA25F1A
      • Part of subcall function 00007FF61FA25E34: Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam.LIBCMTD ref: 00007FF61FA25F35
    • _Init_thread_footer.LIBCMT ref: 00007FF61FA156EB
      • Part of subcall function 00007FF61FB81764: EnterCriticalSection.KERNEL32(?,?,-5555555555555556,00007FF61FA02648,?,?,-5555555555555556,?,BrowserExecutableFolder,00007FF61FA0292A), ref: 00007FF61FB81774
      • Part of subcall function 00007FF61FB81764: LeaveCriticalSection.KERNEL32(?,?,-5555555555555556,00007FF61FA02648,?,?,-5555555555555556,?,BrowserExecutableFolder,00007FF61FA0292A), ref: 00007FF61FB817B4
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CriticalSection$Concurrency::details::DirectoryEnterInitialSystemThread$ActivateCreateEmptyFreeInit_thread_footerLeaveParamParam::~ProcessorQueue::Root::StructuredVirtualWork
    • String ID:
    • API String ID: 2777565826-0
    • Opcode ID: 900dc9e7c10e08cbff411ad46edf87707e1565271fd9c1875ab67409fc6a7ff3
    • Instruction ID: d1b84890cc907b7f4697d5216d0f63f42398c5c2f7790d7596139c0b0af02df8
    • Opcode Fuzzy Hash: 900dc9e7c10e08cbff411ad46edf87707e1565271fd9c1875ab67409fc6a7ff3
    • Instruction Fuzzy Hash: 5101F724A18E82C5EA50DB19F85026633B0FBD4FB4F500A3AD56EC63E5CF2CE4499B01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB813A8 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
    • String ID:
    • API String ID: 1173176844-0
    • Opcode ID: 7fcabbead915d2165402509859eafc9f5079d758dca65bfa13664026ab670fa5
    • Instruction ID: d70332dc064fef3077ab2a97234da501fc43cc346b98e8a2dc0ec28af096c5c8
    • Opcode Fuzzy Hash: 7fcabbead915d2165402509859eafc9f5079d758dca65bfa13664026ab670fa5
    • Instruction Fuzzy Hash: D2E01240F0E90755FD78317258160B903801F9BF70F1C1B30D97ED46C3AD5CB4955150
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA14E28 Relevance: 3.0, APIs: 2, Instructions: 12libraryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyLibraryLoadQueue::StructuredWork
    • String ID:
    • API String ID: 3086495127-0
    • Opcode ID: e949c9525d5187faa4cf9aaf6cfe811c23a19f6685b607fd7deacb4eb5a98c8a
    • Instruction ID: 3882b4d30d663cf934577fa622d5f2c6a4e5696ce471f59b7bf67864cbf17d06
    • Opcode Fuzzy Hash: e949c9525d5187faa4cf9aaf6cfe811c23a19f6685b607fd7deacb4eb5a98c8a
    • Instruction Fuzzy Hash: 69D01732A2AF81C2CA44EF22F89402D7364FBC9B94F405420FA8E83724DF3CC0618B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1F6C0 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_std::_$shared_ptr
    • String ID:
    • API String ID: 298425905-0
    • Opcode ID: b0634a2f01801b6df77d3db5ec7199c42167d7a9b44020736197ab40b3363abe
    • Instruction ID: 9f8bdf925600a38c369ac5ff48e410f2fad9dbd3654c7d3c2ea31a2dd3685aee
    • Opcode Fuzzy Hash: b0634a2f01801b6df77d3db5ec7199c42167d7a9b44020736197ab40b3363abe
    • Instruction Fuzzy Hash: 1041E67660CF8585DA70DB26F4903AEB7A0FBC5B94F404135EA8D87BAADE2CD445CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1D24C Relevance: 1.6, APIs: 1, Instructions: 85COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Ptr_base$type_info::_name_internal_method
    • String ID:
    • API String ID: 3077009934-0
    • Opcode ID: fab0c73c24d28417d3824aa008d493b3b30b6d9d9df2be1a1acb6c19e001ef47
    • Instruction ID: 7875c423582c354213a02eebdf9a6f8cee4e174d67a84e641c2d3da284c7d020
    • Opcode Fuzzy Hash: fab0c73c24d28417d3824aa008d493b3b30b6d9d9df2be1a1acb6c19e001ef47
    • Instruction Fuzzy Hash: A4312061A09F4682DF14EB6AE49536EA370FFC3F98F500035EA8D57766CE2DD4118B08
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAECAE0 Relevance: 1.6, APIs: 1, Instructions: 76COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FAECB24
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorVirtual$Concurrency::RootRoot::
    • String ID:
    • API String ID: 3936482309-0
    • Opcode ID: 50be606ab44bdeabd905bc03e8021c7c85f6b0327a9b1e6d967e934c21fb1f08
    • Instruction ID: 8cfb3c904a4aa78326df9e2c49ae2fc3f1e32082347b688856452cb302077f79
    • Opcode Fuzzy Hash: 50be606ab44bdeabd905bc03e8021c7c85f6b0327a9b1e6d967e934c21fb1f08
    • Instruction Fuzzy Hash: 67310A72608F85C6DB50CB5AE49172EB7A0FBC9B94F405526EA8D83B29DFBCD010CB04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB2E57C Relevance: 1.6, APIs: 1, Instructions: 76COMMON
    Download Yara Rule
    APIs
    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FB2E5D0
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorVirtual$Concurrency::RootRoot::
    • String ID:
    • API String ID: 3936482309-0
    • Opcode ID: 65b87c5085edcf561e6c4dfabe818acfb32a84b61fd5d1adcc661d363a97b800
    • Instruction ID: b9f6b079e0dcdfed6c0001e3f26f30b0086704e8ae10acdf92f51d6507ea7230
    • Opcode Fuzzy Hash: 65b87c5085edcf561e6c4dfabe818acfb32a84b61fd5d1adcc661d363a97b800
    • Instruction Fuzzy Hash: 0B31EC76618F85C6DB50CF5AE49122EB7A0FBC5BA4F404126EA8D83B69DFBCD011CB04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA031C4 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FB813A8: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF61FB813D8
      • Part of subcall function 00007FF61FB813A8: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF61FB813DE
    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FA0321A
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::cancel_current_taskProcessorVirtual$Concurrency::RootRoot::
    • String ID:
    • API String ID: 3626641236-0
    • Opcode ID: d9ea7c890a59b016de43713313c32905f960390986d5abcfdc676ab44cd759e7
    • Instruction ID: 9adbb8e77792b48549dcd19a4746915a9d11b75918ce48ac3db8a24061e6e861
    • Opcode Fuzzy Hash: d9ea7c890a59b016de43713313c32905f960390986d5abcfdc676ab44cd759e7
    • Instruction Fuzzy Hash: 4A31053251DF8682E660DB14F49036AB7A0FBC9BA4F501235E6CE86BA9DF7CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1F9FC Relevance: 1.6, APIs: 1, Instructions: 55COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FB1FAD3
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Base::Concurrency::details::ContextIdentityQueueWork
    • String ID:
    • API String ID: 2086788075-0
    • Opcode ID: 3d96334ae102ae8a86d5703e7977fb0b745da60a504bdd2d19d74bb65b20e04b
    • Instruction ID: b83aab7edc93205d5f312154e363e2f42c75e272d35418ee388fdbf1d20c71df
    • Opcode Fuzzy Hash: 3d96334ae102ae8a86d5703e7977fb0b745da60a504bdd2d19d74bb65b20e04b
    • Instruction Fuzzy Hash: 9E21D632A1CF8582DA10DB15E45036BB7B1FBC5B94F504125EA8D87B6ADF3CD446CB80
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAEE824 Relevance: 1.6, APIs: 1, Instructions: 50COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: fpos
    • String ID:
    • API String ID: 1083263101-0
    • Opcode ID: d50b55b0c6ad665eb4dbb301a2957c1e9d80d5c85d418b4f3924adc58345d90d
    • Instruction ID: 1eb13aa5667175c6ed766ed9d9a2c4acb18650cc5eb799e0183c567c751ffd9c
    • Opcode Fuzzy Hash: d50b55b0c6ad665eb4dbb301a2957c1e9d80d5c85d418b4f3924adc58345d90d
    • Instruction Fuzzy Hash: 2C11F122A19E45C2DA50DB1AE49116EA7A0FBC5BE0F505221FB9D837B5DF2CD441CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1749C Relevance: 1.5, APIs: 1, Instructions: 38COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB174C1
      • Part of subcall function 00007FF61FB2E57C: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FB2E5D0
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorVirtual$Concurrency::Concurrency::details::EmptyQueue::RootRoot::StructuredWork
    • String ID:
    • API String ID: 2161866976-0
    • Opcode ID: e88fb4eb53106e56b1a66ac11d4dcd1d62f50c3762a00384028a93131796e938
    • Instruction ID: 619a5de57852cc0660713a609193e06cb2c4a593bb8aa49ec5ba8e405ec14319
    • Opcode Fuzzy Hash: e88fb4eb53106e56b1a66ac11d4dcd1d62f50c3762a00384028a93131796e938
    • Instruction Fuzzy Hash: AC11DD2162CE8182EA609B15F45176EB7A0FBC6B90F601035F68E87BA9DF3DD4118B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA380D4 Relevance: 1.5, APIs: 1, Instructions: 35networkCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Startup
    • String ID:
    • API String ID: 724789610-0
    • Opcode ID: 7ea05ddc3a6272dfbbb846c9803886fab9d37a7fad7e51ab8d2a3189a526da3f
    • Instruction ID: a12126eec6fe0e29063703e0c171741a540198437e77e9d587120615ff58cac5
    • Opcode Fuzzy Hash: 7ea05ddc3a6272dfbbb846c9803886fab9d37a7fad7e51ab8d2a3189a526da3f
    • Instruction Fuzzy Hash: 4401757261C7D28AEB758B19E4513B977A0FB85745F400039DACD86B4ACE2CC111DF50
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAECA50 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAECA6D
      • Part of subcall function 00007FF61FAECAE0: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FAECB24
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorVirtual$Concurrency::Concurrency::details::EmptyQueue::RootRoot::StructuredWork
    • String ID:
    • API String ID: 2161866976-0
    • Opcode ID: 0a9b848b45a2f8885df069c4dfaa7269ead98af4f68d874f883e2eeb6976719b
    • Instruction ID: 3062861e952b48605a590fcae001c6523498aeaa8258118376a4995f02f2ab0b
    • Opcode Fuzzy Hash: 0a9b848b45a2f8885df069c4dfaa7269ead98af4f68d874f883e2eeb6976719b
    • Instruction Fuzzy Hash: DD013D76618B8486CB10DF1AE49121ABB70F7C9B85F608126EB8D87B29CF39D911CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA2FCC Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • RtlAllocateHeap.NTDLL(?,?,?,00007FF61FB8BB04,?,?,?,00007FF61FB8D16E,?,?,?,?,?,00007FF61FB8F741), ref: 00007FF61FBA300A
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 883664cdc1a726bec035e59d8064d2af73bf5f38f23d5c64a7f356bd69c8cdac
    • Instruction ID: 56e912baf793f6f5a50736a20f20861e7239f76f3784495788421533a386ab96
    • Opcode Fuzzy Hash: 883664cdc1a726bec035e59d8064d2af73bf5f38f23d5c64a7f356bd69c8cdac
    • Instruction Fuzzy Hash: 4FF01C41F0EE4745FA7557B159417B513C05F56FB0F0C0631DD2EC66E2DE6DE8909620
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA0B0A4 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FA0B0D1
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_
    • String ID:
    • API String ID: 2154540393-0
    • Opcode ID: ac684038196f64571b66f6e392371b4d75e150f997e8bfdc4a95a717416855c3
    • Instruction ID: d5b3c889fae128a1031edc2e0d2bfc60040615629de34406eed7e7aaa2bd7089
    • Opcode Fuzzy Hash: ac684038196f64571b66f6e392371b4d75e150f997e8bfdc4a95a717416855c3
    • Instruction Fuzzy Hash: 48F012A2A0CA81C1DA10E725E4512AF7B30EFD6BD4F504235E6CD8776ADE2CD1118B04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA49E68 Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA49E85
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 1865873047-0
    • Opcode ID: e1d09e3d3934f56441fc911fc04e0bb6252741b7f922845d532dd0104d2322f2
    • Instruction ID: c1dbad878cb548eaf13d0f7625849394640bdd1af5231e0eb1184c5eda6f9b1c
    • Opcode Fuzzy Hash: e1d09e3d3934f56441fc911fc04e0bb6252741b7f922845d532dd0104d2322f2
    • Instruction Fuzzy Hash: 4AE09A72A2868086C754DB12F84145EBB64FBD9BD0F505524FA8947B29DF2DD5618F00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA37488 Relevance: 1.5, APIs: 1, Instructions: 12networkCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Cleanup
    • String ID:
    • API String ID: 99945797-0
    • Opcode ID: a9689d3d27ac5f15beb2d5970f1bb0f673cdf3913e3a909aa18a5c1b4320ea1c
    • Instruction ID: a2e4148bbb90b51c26e11a95edd2666660dec4498487d7c758e787a233268f48
    • Opcode Fuzzy Hash: a9689d3d27ac5f15beb2d5970f1bb0f673cdf3913e3a909aa18a5c1b4320ea1c
    • Instruction Fuzzy Hash: F5D0A934B19F4283D7485B2EA84002823A0EB86B35B900238E61C827E0CE2CC8918B10
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB18D64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Time$FileSystemtype_info::_name_internal_method
    • String ID:
    • API String ID: 2094862455-0
    • Opcode ID: eeb76eb0787c7d22c89e14d2eb7cfad523a217604d526657dab26efd28c312c7
    • Instruction ID: dabf96ac9598f0b5052ca2adffcc5ddb0ecb7ee6471780b230cb3e01933e1730
    • Opcode Fuzzy Hash: eeb76eb0787c7d22c89e14d2eb7cfad523a217604d526657dab26efd28c312c7
    • Instruction Fuzzy Hash: 07D06762A1CB8591CA20EB14F88105AA770FBC5794F904521EBCD82A79DF6DC255CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA36DD4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Free
    • String ID:
    • API String ID: 3978063606-0
    • Opcode ID: 40dd92b0362f1379489332f335377a611435673a4006011336bd6c58ba5b4f8d
    • Instruction ID: e0b2456da5b882a760b7bad4a2467647d03fd7a596bc286e0add73aa8cc8ef46
    • Opcode Fuzzy Hash: 40dd92b0362f1379489332f335377a611435673a4006011336bd6c58ba5b4f8d
    • Instruction Fuzzy Hash: 87C01236F39A41C2DA44AB21F48141D7320FBC8F50F805030EA8E43725CE3CD4588B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA10C68 Relevance: 1.5, APIs: 1, Instructions: 6COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA10C76
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
    • String ID:
    • API String ID: 2443641946-0
    • Opcode ID: 07e41a9a6cee8c03fc5d499b838db7ad80f352af18108d64329dcbbf4010f751
    • Instruction ID: 7a0ab95a327341eba6631e7621dda7685855c87e3b8fe2211c140d0b02e1fc02
    • Opcode Fuzzy Hash: 07e41a9a6cee8c03fc5d499b838db7ad80f352af18108d64329dcbbf4010f751
    • Instruction Fuzzy Hash: 09B092A2E39A81D1CA04BB22E8820196320ABD5B50F945020E68981615CD2CD0A54B00
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    Function 00007FF61FB71594 Relevance: 81.8, APIs: 54, Instructions: 808COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctypeGetvals
    • String ID:
    • API String ID: 553569086-0
    • Opcode ID: fe121af7f5365e07fe10dd54abbcf772a7629118b6ce291f6f8e65890ebeb0e6
    • Instruction ID: 65a6ffe58c43b7fe5e0e55eeccc8caa3ae0ac1b7c76c91b689f280042ecc65ae
    • Opcode Fuzzy Hash: fe121af7f5365e07fe10dd54abbcf772a7629118b6ce291f6f8e65890ebeb0e6
    • Instruction Fuzzy Hash: CE826921E0DE4685FB65DB21E8402BA27B2AF46FE0F045235E90ED77A5EF3CE541A350
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB708EC Relevance: 81.8, APIs: 54, Instructions: 808COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctype
    • String ID:
    • API String ID: 19648113-0
    • Opcode ID: 59fe2976a16d25d0e9ccc859b1b1fa05f2a8f2b8dd0da972fc9bdb7734ef4325
    • Instruction ID: 6df9557cb9572ddfb7265fe4cbafc6b276f91817366e37b5b3df0a834a6edccd
    • Opcode Fuzzy Hash: 59fe2976a16d25d0e9ccc859b1b1fa05f2a8f2b8dd0da972fc9bdb7734ef4325
    • Instruction Fuzzy Hash: 13825A21E0DE4685EB65DB25E8402BA27B1EF46FE4F045235E90ED77A6EF3CE541A300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB7E0A0 Relevance: 50.0, APIs: 33, Instructions: 503COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::details::EmptyGetcollLocinfoLocinfo::~_Queue::StructuredWork
    • String ID:
    • API String ID: 894383206-0
    • Opcode ID: 9b37a9161e70accf8019adfd49a5ac449d9e98b86cb75957aae2ad801d6befd9
    • Instruction ID: 94cb9fe7183f8900f13dd9faa3e4bc4a78bfbc358ffc4c1be2a389382233e442
    • Opcode Fuzzy Hash: 9b37a9161e70accf8019adfd49a5ac449d9e98b86cb75957aae2ad801d6befd9
    • Instruction Fuzzy Hash: 2C323721E0DE4685FB65DB21E8502BA27B4AF56FE4F085235EA0ED77A5EF3CE4419300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB58BA0 Relevance: 26.6, APIs: 12, Strings: 3, Instructions: 322threadclipboardregistryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: InitialThread$Concurrency::details::FreeGlobalParamParam::~ProcessorRoot::Virtual$ClipboardConcurrency::details::_SchedulerScheduler::_$AllocCreateDataFormatLockRegisterStream
    • String ID: $ niW$PNG
    • API String ID: 1707703551-827523279
    • Opcode ID: b9770d1548e1ff90dcc520f105f398d77760f64991c828ef4d38cc9bf20b2a1c
    • Instruction ID: 79f1d9282d286250d7b3ea64163f735905fe2d1b5e6e6e252d44fe484b709e74
    • Opcode Fuzzy Hash: b9770d1548e1ff90dcc520f105f398d77760f64991c828ef4d38cc9bf20b2a1c
    • Instruction Fuzzy Hash: 2FF1D77661DA858BD774DB19E49036ABBA1F7C9B54F004129EA8E87BA8DF3CD444CF00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB3DA30 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 296comCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Initialize$CallCreateDecorator::getIndexInstanceSecurity
    • String ID: Name$ROOT\CIMV2$SELECT Name FROM Win32_OperatingSystem$WQL
    • API String ID: 4283161113-3333656375
    • Opcode ID: 077ca2dc856a82b64dbb68198b1cfed5c97eaa7ee4e7acb852c316c194384643
    • Instruction ID: af65fba6eb3a364d76c5210002a572d68a26d677ebf955182cca64c0bc1399f8
    • Opcode Fuzzy Hash: 077ca2dc856a82b64dbb68198b1cfed5c97eaa7ee4e7acb852c316c194384643
    • Instruction Fuzzy Hash: 25E1153261DAC696E770DB11E4913EAB360FBC5B64F404136E68D83AA9DF7CE549CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB5844C Relevance: 15.1, APIs: 10, Instructions: 122threadclipboardCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Global$InitialThread$ByteCharClipboardConcurrency::details::DataFreeLockMultiParamParam::~ProcessorRoot::UnlockVirtualWide$Alloc
    • String ID:
    • API String ID: 2686545088-0
    • Opcode ID: b75b9a9662b1653259d0e4e3174641ea7dc4e43f6f4fee5f99db47e57d62eafa
    • Instruction ID: b78f4e5ea7610e9cc97e333d7ecacc1b93512fad1d431cc4918955bd4b75b106
    • Opcode Fuzzy Hash: b75b9a9662b1653259d0e4e3174641ea7dc4e43f6f4fee5f99db47e57d62eafa
    • Instruction Fuzzy Hash: E0512F2161DA8186EB60DB15F45436EABA0FBD6B94F405035F6CE83BA9DF3CD445CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE50A0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 105fileCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: File$Concurrency::details::EmptyFindQueue::StructuredWork$CloseHandleListSafe$CreateFirstInformationNextSize
    • String ID: /*.*
    • API String ID: 1997218077-1014195128
    • Opcode ID: 13631a18c1bea310b6b1f93422cd9c4cf1fdde637f13d229c81119f5d2cadfe5
    • Instruction ID: 6db2cb6748a79c8d252cb37d82c15ee4273a3c50522adf3582cab21c2c8eba2b
    • Opcode Fuzzy Hash: 13631a18c1bea310b6b1f93422cd9c4cf1fdde637f13d229c81119f5d2cadfe5
    • Instruction Fuzzy Hash: A751107261CAC2D5DA70DB15E4513EAB360FBC4B64F405231E6CDC6AAADF6CD645CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB3E0A4 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 104registryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: OpenQueryValue
    • String ID: BuildLabEx$BuildLabEx$Software\Microsoft\Windows NT\CurrentVersion$UBR
    • API String ID: 4153817207-1885149912
    • Opcode ID: 3160322fff14debf098a25c352fbe377b61b3ed1f8076b357a5693d3c68cd5e6
    • Instruction ID: a1b0871842f134bfefb71e312df318876bb2514121cc8931480ff1901f646518
    • Opcode Fuzzy Hash: 3160322fff14debf098a25c352fbe377b61b3ed1f8076b357a5693d3c68cd5e6
    • Instruction Fuzzy Hash: DB514C3261CF4186E760DB25F49176AB7A4FB86BA4F505136E68D83A69DF3CD508CF00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB55BF4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94memoryfileCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Heap$CreateProcess$AllocCloseCompletionFileFreeHandlePort
    • String ID: (
    • API String ID: 1614625100-3887548279
    • Opcode ID: 27d75da1ffc58828d14fe2db8c86b38c6c3b04d45de4380e2d80e7c73c508f6e
    • Instruction ID: 46f5b922612359cd2f20d64effb3bd14de0982feb0ee3ca7505d3f0403442d06
    • Opcode Fuzzy Hash: 27d75da1ffc58828d14fe2db8c86b38c6c3b04d45de4380e2d80e7c73c508f6e
    • Instruction Fuzzy Hash: 0651B336608F8582E7609B59F44476AB7B0F7CABA4F204135EA8D87BA8CF7DD445CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB596E4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51clipboardregistryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ClipboardGlobal$Format$AvailableConcurrency::details::_CreateDataLockRegisterSchedulerScheduler::_SizeStreamUnlock
    • String ID: PNG
    • API String ID: 2717934966-364855578
    • Opcode ID: 549924e64750216a56e0f7aa407a86dbe656f003df2c444ae5a3c8d04d31333c
    • Instruction ID: f617a32de72067c6734345ac53e39cb9ae1026bffc8ed5c09e8efa91229ca3a0
    • Opcode Fuzzy Hash: 549924e64750216a56e0f7aa407a86dbe656f003df2c444ae5a3c8d04d31333c
    • Instruction Fuzzy Hash: A921FC2691CE8282E770DF11E85026A77A0FBC6FA8F541175E68EC3A79DF2CD549CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBB07A0 Relevance: 10.7, APIs: 7, Instructions: 171COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FBA1614: GetLastError.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1623
      • Part of subcall function 00007FF61FBA1614: FlsGetValue.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1638
      • Part of subcall function 00007FF61FBA1614: SetLastError.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA16C3
      • Part of subcall function 00007FF61FBA1614: FlsSetValue.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1659
    • GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF61FBB0910
      • Part of subcall function 00007FF61FBA1614: FlsSetValue.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1686
      • Part of subcall function 00007FF61FBA1614: FlsSetValue.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1697
      • Part of subcall function 00007FF61FBA1614: FlsSetValue.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA16A8
    • EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF61FBA00A1), ref: 00007FF61FBB08F7
    • ProcessCodePage.LIBCMT ref: 00007FF61FBB093A
    • IsValidCodePage.KERNEL32 ref: 00007FF61FBB094C
    • IsValidLocale.KERNEL32 ref: 00007FF61FBB0962
    • GetLocaleInfoW.KERNEL32 ref: 00007FF61FBB09BE
    • GetLocaleInfoW.KERNEL32 ref: 00007FF61FBB09DA
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
    • String ID:
    • API String ID: 2591520935-0
    • Opcode ID: 5811e0487402d9d09f7ce087656701d5d3560aa92ac9a433a3c582059335ca4b
    • Instruction ID: ba58f2f8b43e89647f95e2fa451d6273d6820fcca03511dce4fab5c43ece3e07
    • Opcode Fuzzy Hash: 5811e0487402d9d09f7ce087656701d5d3560aa92ac9a433a3c582059335ca4b
    • Instruction Fuzzy Hash: 52716B32B08A4289FB609B65D8906FD33A0BF46FE8F448835CA5D93695EF3CE545C350
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB880D4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: db2e2960726a97e78e8b30087ce129bdccfdbbc4799cf87f955fb007fd97e4e0
    • Instruction ID: a47aa7ea5624d815fa344e466240a35d487b46342616c54cf5e19e7dba9abd78
    • Opcode Fuzzy Hash: db2e2960726a97e78e8b30087ce129bdccfdbbc4799cf87f955fb007fd97e4e0
    • Instruction Fuzzy Hash: A2314136618F8286EB70DF65E8402AE73A4FB89B68F500135EA9D83B59DF3CD145C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB5A068 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 308comCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Create$Instance$Concurrency::details::_InitializeSchedulerScheduler::_StreamUninitialize
    • String ID:
    • API String ID: 4283613886-3916222277
    • Opcode ID: 2b4aa94c0f46012cfaa00353f727fcd6bf9ed7260ecba13b0f10fa1c5691dcef
    • Instruction ID: fc7f81b1cfa4d6ba4f0a71b32aaa86fb871af6b10e52255ecf171a5be22d551a
    • Opcode Fuzzy Hash: 2b4aa94c0f46012cfaa00353f727fcd6bf9ed7260ecba13b0f10fa1c5691dcef
    • Instruction Fuzzy Hash: EEF1293251CAC196E660EB10E4913EEB760FBD6B50F845031E68EC6AAADF7CD549CF00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB14F78 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AddressLibraryLoadProc
    • String ID: SetProcessDpiAwarenessContext$User32.dll
    • API String ID: 2574300362-1491950331
    • Opcode ID: 9eaf2c05e4001faaf70984f6640e673e0d2ae1809ed9273839bde7572b0b535b
    • Instruction ID: e7e78dcf3642da1b5c76094d49d0b6212cf4eebdc57a7b8fa328721a0403541a
    • Opcode Fuzzy Hash: 9eaf2c05e4001faaf70984f6640e673e0d2ae1809ed9273839bde7572b0b535b
    • Instruction Fuzzy Hash: 62F01C72A19F8181D6309B10F84472A77A4FB89BB8F400330E6AE82BE8DF3CD154CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB650C8 Relevance: 6.6, APIs: 4, Instructions: 622COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    • Opcode ID: f8090020d46005584c2a1a32a5779fca4c03242a2e039058d2fd4e6d9f792b76
    • Instruction ID: 1fd5729c13912424a1aee6db99c80edae977704f5f1fa2f5f61a5c76fd949158
    • Opcode Fuzzy Hash: f8090020d46005584c2a1a32a5779fca4c03242a2e039058d2fd4e6d9f792b76
    • Instruction Fuzzy Hash: 2B527D22B18F8585FB20DBA5D4402AC6371FB89FA8F504236EE5D97B99DF38D55AC300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD5E74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMONLIBRARYCODE
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CompletionPostQueuedStatus
    • String ID: M'
    • API String ID: 2005739868-2701432540
    • Opcode ID: 22d836dc2541f497a82b3dfb7d1e9607bc93c9f71838697c8cac99e46c882dc0
    • Instruction ID: c2f6fa72a33924f74046ac93f2a2914b42e012ac71960866d4bbf2968133ede4
    • Opcode Fuzzy Hash: 22d836dc2541f497a82b3dfb7d1e9607bc93c9f71838697c8cac99e46c882dc0
    • Instruction Fuzzy Hash: 6341937661CB85C6DB709B16E48076AB7A0FBC9B94F108126EACD83B69DF3DD4448B01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB61A38 Relevance: 5.2, APIs: 3, Instructions: 741COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    • Opcode ID: d2bd6356b4b3c53aa26157a92f4e2e655b8541b4ef4605d616bd0078f0a9499c
    • Instruction ID: 5f9588eb04d11b20287c7cde4fd7c2f9316a7c59a5cc14d19efc50e6792784eb
    • Opcode Fuzzy Hash: d2bd6356b4b3c53aa26157a92f4e2e655b8541b4ef4605d616bd0078f0a9499c
    • Instruction Fuzzy Hash: 5862A062F08AD68AFB248BA5D4502BC27B1BB56FB8F148535EE4D97B95DF38D481C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB9C37C Relevance: 4.0, APIs: 2, Instructions: 1005COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: _get_daylight
    • String ID:
    • API String ID: 4143689357-0
    • Opcode ID: bdc1244bf96d9fc4ed2176751526d47d34ec609e96c61e875701ba259f18d7ba
    • Instruction ID: f39982d3cd500ee72637a489a5ef15feaee3362212ab1ef2d7c6c9398ab5018f
    • Opcode Fuzzy Hash: bdc1244bf96d9fc4ed2176751526d47d34ec609e96c61e875701ba259f18d7ba
    • Instruction Fuzzy Hash: 9692BFF2A08E4286E7758F25D96017D37A1FBA6BA8F548135DA8D87B99DF3CD910C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB3D940 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Initialize$OpenVersionchar_traits
    • String ID: Windows NT
    • API String ID: 3234920532-57747299
    • Opcode ID: 2b66d2b4b7fdb02a047972ff3e2fe76d840bd58b25a4934929efee579e6002d8
    • Instruction ID: 1810d32c4ef3ca345e34b26c4908f3772e69bde167e4bed4a291d77687a629d3
    • Opcode Fuzzy Hash: 2b66d2b4b7fdb02a047972ff3e2fe76d840bd58b25a4934929efee579e6002d8
    • Instruction Fuzzy Hash: 6721B476629B84C6DB71CB25E49139AB7B0F7CCB94F401126EA8D83B59DF3DD4018B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB582A8 Relevance: 3.0, APIs: 2, Instructions: 37sleepclipboardCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ClipboardOpenSleep
    • String ID:
    • API String ID: 4107625934-0
    • Opcode ID: 46948730fa937742cf8521c1ca16b884d822d42830dd8d8572f5d429edf7cc4c
    • Instruction ID: b3f01f56af51cf5846546716c2b472dd8714e17b97706743099302e17ebe0674
    • Opcode Fuzzy Hash: 46948730fa937742cf8521c1ca16b884d822d42830dd8d8572f5d429edf7cc4c
    • Instruction Fuzzy Hash: 7311E57250CF8586E730EB55E44432ABBA0FB86BA4F444135EACE86BA8CF7DD1548B10
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB9D3B8 Relevance: 2.9, Strings: 2, Instructions: 358COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID: a/p$am/pm
    • API String ID: 0-3206640213
    • Opcode ID: 0018e01bfe67b0f8674465d85053aeab08d90b16ea9594a4929076795b3dc64d
    • Instruction ID: 2316aadac31fe49a76050fe61171e9e95d6429b00df275dd4a26c9d752188cb9
    • Opcode Fuzzy Hash: 0018e01bfe67b0f8674465d85053aeab08d90b16ea9594a4929076795b3dc64d
    • Instruction Fuzzy Hash: 42E1E4A2E08A4281E7748F2695645BD23A0FF2BFA4F554132EA9D87BD5DF3CE941C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBB00B4 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FBA1614: GetLastError.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1623
      • Part of subcall function 00007FF61FBA1614: FlsGetValue.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1638
      • Part of subcall function 00007FF61FBA1614: SetLastError.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA16C3
    • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF61FBB08A3,?,00000000,00000092,?,?,00000000,?,00007FF61FBA00A1), ref: 00007FF61FBB0152
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ErrorLast$EnumLocalesSystemValue
    • String ID:
    • API String ID: 3029459697-0
    • Opcode ID: 22c83e9c0f5751936d8cca30e7ce514037412f7aed1f7703a9a1faff61109ed4
    • Instruction ID: f973baf0db0e30e4bb8ed46a95290309a6a309245500a36a5a14d06ec47fba27
    • Opcode Fuzzy Hash: 22c83e9c0f5751936d8cca30e7ce514037412f7aed1f7703a9a1faff61109ed4
    • Instruction Fuzzy Hash: 9A11D273A08A458AEB288F26D4806B97BA0FB91FF0F448136D62D833D0CE38D5D1C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBB0184 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FBA1614: GetLastError.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1623
      • Part of subcall function 00007FF61FBA1614: FlsGetValue.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA1638
      • Part of subcall function 00007FF61FBA1614: SetLastError.KERNEL32(?,?,00000000,00007FF61FB88889), ref: 00007FF61FBA16C3
    • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF61FBB085F,?,00000000,00000092,?,?,00000000,?,00007FF61FBA00A1), ref: 00007FF61FBB0202
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ErrorLast$EnumLocalesSystemValue
    • String ID:
    • API String ID: 3029459697-0
    • Opcode ID: 25d8b8766c190972b088f4f89100465d892ea615db26bc5355308987f0e629f3
    • Instruction ID: 00c963d700733e52b25512acd06109a464aa92c797f09c283b795b7b1b24d42d
    • Opcode Fuzzy Hash: 25d8b8766c190972b088f4f89100465d892ea615db26bc5355308987f0e629f3
    • Instruction Fuzzy Hash: 6C01DE72B08A8186EB245F16E880BBD77A1EB52FF4F44C232E66C872C4DF689485C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA2058 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
    Download Yara Rule
    APIs
    • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF61FBA25AF,?,?,?,?,?,?,?,?,00000000,00007FF61FBAF704), ref: 00007FF61FBA20A7
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: EnumLocalesSystem
    • String ID:
    • API String ID: 2099609381-0
    • Opcode ID: 5fb6e3ef6e74a5cb51b3320a8b44a199e4efd1b33dd9a7a866f7e3fcf33c8820
    • Instruction ID: dd90d5ac88e58d271a64ef73bba6294edafbd6099e4e68b99c66bd13e247b3f7
    • Opcode Fuzzy Hash: 5fb6e3ef6e74a5cb51b3320a8b44a199e4efd1b33dd9a7a866f7e3fcf33c8820
    • Instruction Fuzzy Hash: 31F0F672A08A4182E714DB25F8905AA23A1EB99FE0F589035DA5D83765DE3CD5A19300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB899FC Relevance: 1.5, APIs: 1, Instructions: 28timeCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Time$FileSystem
    • String ID:
    • API String ID: 2086374402-0
    • Opcode ID: dc08a8990049bbf44bc9ce5efcc18fd100a8dd33ce2349a2d97a30b2995ba16d
    • Instruction ID: 1ec4f70afe6c08551d3d3dfb53f7cc99720be837cd5f618403ffac04ce529e99
    • Opcode Fuzzy Hash: dc08a8990049bbf44bc9ce5efcc18fd100a8dd33ce2349a2d97a30b2995ba16d
    • Instruction Fuzzy Hash: BDF082E2B29A8943EE648755D5147A4A2819F9CFF4F04A331ED3D4EBD9EE2CD1508700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC3EC4 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: listenstd::make_error_code
    • String ID:
    • API String ID: 2269213610-0
    • Opcode ID: e59ca2bd57b99d823606d1389552511c8f4821268e219ae329c928efd4b03d9c
    • Instruction ID: c3a306111ab4b6bf8e60200458e849c72f24852006e83dd9b97f5418a539943d
    • Opcode Fuzzy Hash: e59ca2bd57b99d823606d1389552511c8f4821268e219ae329c928efd4b03d9c
    • Instruction Fuzzy Hash: 0AF0EC3250CA81C6D620DB25E45412AB7A0F7C5778F104725E6EC86AD9CF7CD9518F44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB80FCC Relevance: 1.5, APIs: 1, Instructions: 24COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: InfoLocale
    • String ID:
    • API String ID: 2299586839-0
    • Opcode ID: 5f185c7509d6e4e3cc474c45f8bf5f1f752a17fc89a4d5fcf6489ad951b3bedf
    • Instruction ID: ac947e8606729096587ab8d2db26fefd6aeb41ec9fa2008525ed771ec9ca2be3
    • Opcode Fuzzy Hash: 5f185c7509d6e4e3cc474c45f8bf5f1f752a17fc89a4d5fcf6489ad951b3bedf
    • Instruction Fuzzy Hash: 0BF0A072A2E8C382F3B95A18C859B7D1360FB82B21F540132E10FC22D4DE6CD540B701
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB8DBA0 Relevance: 1.5, Strings: 1, Instructions: 247COMMONLIBRARYCODE
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID: 0-3916222277
    • Opcode ID: a98a55236c66c4748054dc6cf0499ab5de4e709b9317b7d2eb01df8da71194e3
    • Instruction ID: 08b1a1c2e926668cc933e829ce9833e324c0110e86461f3148b4f25e11d96943
    • Opcode Fuzzy Hash: a98a55236c66c4748054dc6cf0499ab5de4e709b9317b7d2eb01df8da71194e3
    • Instruction Fuzzy Hash: DDB17F72A08F4685EB758F29C0A027C3BB4E79AF68F645136CB4E87395CF29D441E704
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB8DF24 Relevance: 1.5, Strings: 1, Instructions: 241COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID: 0-3916222277
    • Opcode ID: 30014884db9ff61b8ae3413a2f78a78dea1d85b3dd232fd616807f9200033210
    • Instruction ID: e3330349ae40e4db919595e66d7ac9cc2eb2a741c888846d9984c8098e3989be
    • Opcode Fuzzy Hash: 30014884db9ff61b8ae3413a2f78a78dea1d85b3dd232fd616807f9200033210
    • Instruction Fuzzy Hash: B6B15B72A08A9686E7759F69C05027C3BA0F78AF68F284136CA4E87395CF39D841E741
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB9DBF4 Relevance: .5, Instructions: 503COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 39757ce196a997955107f88375a0fdee1c35b3678a1778ace496f7924c544448
    • Instruction ID: d1b0ff6f1e158ede39cb64c53081e35b7f4409c71788054933440e9f4daa22de
    • Opcode Fuzzy Hash: 39757ce196a997955107f88375a0fdee1c35b3678a1778ace496f7924c544448
    • Instruction Fuzzy Hash: 4A1204B1F04E5A40EE60DB2A99582BD6395FB7AFF4F545231CE6E873D4DE29D4428300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB614D0 Relevance: .4, Instructions: 415COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 52d6babbcc45022f06620988a00d4ff6110b005ad1146e2531519e06a6b91976
    • Instruction ID: 78dd811b76979ecd66c7f8f4f4e694d4dd5c32affa06364760fafc2cd0e61607
    • Opcode Fuzzy Hash: 52d6babbcc45022f06620988a00d4ff6110b005ad1146e2531519e06a6b91976
    • Instruction Fuzzy Hash: ED122D76A05E8589EB608F29C45037C37A1FB46FA8F549032EA0E8B795DF3DD886C350
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB8CFD8 Relevance: .1, Instructions: 146COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
    • Instruction ID: ab932f060300404159233a9f7dfd2b07d46467b8e496da61468ea4ca6b65f93b
    • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
    • Instruction Fuzzy Hash: 43516036A18E5386E7348B29D46022827B0EB9EF78F644132CE4D97794DF3AE843D740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB8CBC8 Relevance: .1, Instructions: 146COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
    • Instruction ID: 76659d88019fe98468f8c581ee541504802a871f7d162309f79f575b93eba632
    • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
    • Instruction Fuzzy Hash: C05145F6B14E5386E7748B29C04022827A1EB96F78F244131CE4D97B95DF3AE852DB80
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB8C7B8 Relevance: .1, Instructions: 146COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
    • Instruction ID: 0059c15e5f0408d33ae943b23ca051cedbc7960a8002c99d5110c04dad2032d0
    • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
    • Instruction Fuzzy Hash: 285181F2A18E5282E7758B29C04023827A0EBC6F78F245131CE4D97794DF3AE843E740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB8CDD4 Relevance: .1, Instructions: 145COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a3f137922c5501b352e1e64e7e49ce49f08a99630998ccb88cd556a562213431
    • Instruction ID: 1596c6c1eb49d463413e0b4572723eedb129aee6f67cd64d2c80a6c95d15152a
    • Opcode Fuzzy Hash: a3f137922c5501b352e1e64e7e49ce49f08a99630998ccb88cd556a562213431
    • Instruction Fuzzy Hash: 165160F6A18E5386E7748B29C04023877A1EB9AF69F244131DA4D97794CF3AF846D780
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB8C9C4 Relevance: .1, Instructions: 145COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 65ee9bc594845d01ab97c8cba0575b9b5295405d23e93cda62356d775271698a
    • Instruction ID: c19fc5084f23281653e82c90c2ba9ac329657691f137d15fb82ab3ad5f301e51
    • Opcode Fuzzy Hash: 65ee9bc594845d01ab97c8cba0575b9b5295405d23e93cda62356d775271698a
    • Instruction Fuzzy Hash: 1B5142F6A19E5786E7348B29D04433837A0EB8AF68F245131CA4D97799DF3AEC42D740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB8C5B4 Relevance: .1, Instructions: 145COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2c842d73893c15455ed38ea06f11115893b2cc9fcae564d6d6b7634b5b27c5b2
    • Instruction ID: 547800fc762d4d1319c39a0f5cb8536d1d0e367b6e976ba2f64e405d8d9d7c48
    • Opcode Fuzzy Hash: 2c842d73893c15455ed38ea06f11115893b2cc9fcae564d6d6b7634b5b27c5b2
    • Instruction Fuzzy Hash: 5F5140FAA18E5386E7758B29C45423837A0EB86F68F245131CA4D97795CF3AE843D740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB99A88 Relevance: .1, Instructions: 142COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CurrentFeaturePresentProcessProcessor
    • String ID:
    • API String ID: 1010374628-0
    • Opcode ID: ac4e619508114dbbf8803ae74ad5db8d54a070d330197260e349c21fcc0f47ce
    • Instruction ID: a02e5fe285c0a5964de0896274c868e4fa1e923537f6594fc8ddfd7a33297a31
    • Opcode Fuzzy Hash: ac4e619508114dbbf8803ae74ad5db8d54a070d330197260e349c21fcc0f47ce
    • Instruction Fuzzy Hash: 64414D9270DAEB03FB74876564502B96791EB66FE4F184630EE5E87F85CE2DD8014700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1C54C Relevance: 47.7, APIs: 11, Strings: 16, Instructions: 462COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FB1C597
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FB1C5F0
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyQueue::Structured
    • String ID: ) [(quotesStart + 1 != quotesEnd)$) [(quotesStart < quotesEnd)$) [*currLevel != Level::Unknown$) [currConfig != ConfigurationType::Unknown$ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $Configuration error - No ending quote found in [$Empty configuration value for [$Unrecognized configuration [$Unrecognized severity level [$] WITH MESSAGE "$] WITH MESSAGE "$] WITH MESSAGE "$] WITH MESSAGE "
    • API String ID: 142017403-2425191912
    • Opcode ID: 97604a9cd7ae7243136c304eec74dadfe06b127d6be6939950cf920d02c21d9a
    • Instruction ID: c8ffe021973fdd163d7fbb840cd2e0d22800131474c7328409ac25addd7430cf
    • Opcode Fuzzy Hash: 97604a9cd7ae7243136c304eec74dadfe06b127d6be6939950cf920d02c21d9a
    • Instruction Fuzzy Hash: E7321D61A1DEC2C4EA70EB15E4512EA7361EBC5BA0F805231E69DC7B9AEE2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA911DC Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 288COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$CallDecorator::getIndexReentrant$Concurrency::details::_Lock::_$Lock$Concurrency::details::CriticalEmptyMutex_baseMutex_base::_Ptr_baseQueue::Scoped_lockScoped_lock::_StructuredWorkstd::_
    • String ID: connection constructor
    • API String ID: 3547270652-165144640
    • Opcode ID: cb3e4841dd0a0b0e80cd0f0f895cc07d3c9526df056ad0e0668bec1c669c0cba
    • Instruction ID: 84206a205d7fa5c6aea735887392902968365a5446091698b17b6c111a820336
    • Opcode Fuzzy Hash: cb3e4841dd0a0b0e80cd0f0f895cc07d3c9526df056ad0e0668bec1c669c0cba
    • Instruction Fuzzy Hash: F3E13A72A0DBC581EA21DB19E0517EFA7A0FB8AB94F005235DACD5779BDE3CD0248B44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF0138 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 174COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::current_exceptiontype_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
    • String ID: cache$config$data$documents$downloads$music$pictures$saveGames1$saveGames2$video
    • API String ID: 336166159-3583383958
    • Opcode ID: d9ea0ef4f718ce23e64022091c3def6c1f7f410c80a84be2742a16793388aef8
    • Instruction ID: 68496820efd3925aeee562f248bc674060eeed15d106f7dc685244bbae82fcea
    • Opcode Fuzzy Hash: d9ea0ef4f718ce23e64022091c3def6c1f7f410c80a84be2742a16793388aef8
    • Instruction Fuzzy Hash: 5291037164CD83D1EA60E715E8512FE7760EFD0BA0F915132E68DC65AAEF2CD54ACB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA6184C Relevance: 37.2, APIs: 9, Strings: 12, Instructions: 438COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF61FA61898
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FA618B2
    • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF61FA619A9
    • Concurrency::details::_TaskProcThunk::_TaskProcThunk.LIBCPMTD ref: 00007FF61FA61B02
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA57A0C: Concurrency::cancellation_token::_FromImpl.LIBCPMTD ref: 00007FF61FA57A8C
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_$ProcSchedulerScheduler::_Task$Concurrency::cancellation_token::_Concurrency::details::EmptyExceptionFac_nodeFac_node::_FileFromHeaderImplQueue::RaiseStructuredThunkThunk::_Workchar_traitsstd::_
    • String ID: ' is invalid$JSON patch must be an array of objects$add$copy$from$move$operation value '$path$replace$test$unsuccessful: $value
    • API String ID: 2509176392-3873990758
    • Opcode ID: 01dce77e45db4b8a9e6bee8687055c60492598a96ef75bd33c604f679e95f9ff
    • Instruction ID: c07ba6de4253963c16838512c03442f9b70b74ed352ec6c7c9a08513743383d4
    • Opcode Fuzzy Hash: 01dce77e45db4b8a9e6bee8687055c60492598a96ef75bd33c604f679e95f9ff
    • Instruction Fuzzy Hash: E3321E7261DEC6D1DA70DB14E4912EEB364FBC5764F805132E68DC3AAAEE2CD544CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB58688 Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 148clipboardCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Global$Clipboard$AvailableDataFormatLockUnlock$ByteCharMultiWide$Size
    • String ID: buf$lib/clip/clip_win.cpp$lib/clip/clip_win.cpp$lib/clip/clip_win.cpp$reqsize <= len$reqsize <= total_size
    • API String ID: 1833786705-1865621888
    • Opcode ID: a925f296414a8581cd7403036ca6d37f780a1d705fd0bfa4fc57cb6889a8b041
    • Instruction ID: 1981a68bcb9d9788ffaf078b4b28f53bedea4892f8259fbf4720529acf7c615f
    • Opcode Fuzzy Hash: a925f296414a8581cd7403036ca6d37f780a1d705fd0bfa4fc57cb6889a8b041
    • Instruction Fuzzy Hash: C081F732A0CF8282E770DB15F44436AB7A1FB86BA4F101535D68D86AA9DF7CD484CB41
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA05558 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 351COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Concurrency::details::EmptyFac_nodeFac_node::_ListQueue::SafeStructuredWorkchar_traitsshared_ptrstd::_
    • String ID: --app="$ --user-data-dir="$ --window-size=$/.tmp/chromedata$Unable to start Chrome mode$You need to install Chrome browser to use the Neutralinojs chrome mode$args$args$height$height$url$width$width
    • API String ID: 3585557464-2605899637
    • Opcode ID: 82bf1649915a5a01d099a7825deb38c4b2b2294cb092d432351e2dcb481d6931
    • Instruction ID: 0446adc3770f511d4e849316fefdb1eb0242c90e2dec5fdf94c0e3e70c9573c9
    • Opcode Fuzzy Hash: 82bf1649915a5a01d099a7825deb38c4b2b2294cb092d432351e2dcb481d6931
    • Instruction Fuzzy Hash: D712D97261DEC691EA70DB14E4913EEB364FBC5B54F805232D68DC2AAAEF2CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE02F8 Relevance: 33.6, APIs: 10, Strings: 9, Instructions: 315COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_std::_$DisplayEnumMonitorsPtr_basetype_info::_name_internal_method
    • String ID: bpp$dpi$height$refreshRate$resolution$returnValue$returnValue$success$width
    • API String ID: 1969700929-1266258098
    • Opcode ID: 14ce4a5c353e1af58ac51eeeebbc11d36b1ace3814009cf7a202a843759d71ec
    • Instruction ID: b0f1a11f9b22533d777e05c3b15fd91a26d76ee40e99b0b42b5335af655d7048
    • Opcode Fuzzy Hash: 14ce4a5c353e1af58ac51eeeebbc11d36b1ace3814009cf7a202a843759d71ec
    • Instruction Fuzzy Hash: A6F1126261DEC6D1DA31DB15E4912EEB360FBC5B50F809232D68D83A6AEF7CD645CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB04114 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 217libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: atomic$AddressLibraryLoadProc
    • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$combase.dll$combase.dll
    • API String ID: 1653574484-4170001172
    • Opcode ID: 1a582cb36c4a98df3be8ff726cb39926d72d5cac013e0e404da0fa760607214f
    • Instruction ID: 9afb26b7e8ada6df88b2fcbdf203dcdc12c65041a094794d99aa23421ba61240
    • Opcode Fuzzy Hash: 1a582cb36c4a98df3be8ff726cb39926d72d5cac013e0e404da0fa760607214f
    • Instruction Fuzzy Hash: 28C1DE62A0CE8681EA70EB15E4513EAA370FBD5BA0F404135E69DC3AAADF7CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF4110 Relevance: 30.1, APIs: 5, Strings: 12, Instructions: 369COMMON
    Download Yara Rule
    APIs
    • GdiplusStartup.GDIPLUS ref: 00007FF61FAF4165
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyGdiplusQueue::StartupStructuredWorkchar_traits
    • String ID: error$icon$icon$isChecked$isChecked$isDisabled$isDisabled$menuItems$menuItems$menuItems$success$text
    • API String ID: 2022822765-692226211
    • Opcode ID: 68541cab1eedc8499a9753531864a60160dff3d981423b8a54ab2ca1f8de01eb
    • Instruction ID: 58d31dd76f2e186c1cc7a4957e6109bc76bdcd5d243caf3a3fc661d54585239f
    • Opcode Fuzzy Hash: 68541cab1eedc8499a9753531864a60160dff3d981423b8a54ab2ca1f8de01eb
    • Instruction Fuzzy Hash: 5412E77261DEC295EA70DB15E4903EEB3A4EBC5B90F804132E68D87A6ADF7CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA04FDC Relevance: 30.0, APIs: 1, Strings: 16, Instructions: 255COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FAF04C8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAF04FB
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FA0530E
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
      • Part of subcall function 00007FF61FAE4F28: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE4F76
      • Part of subcall function 00007FF61FAE4F28: CreateFileW.KERNEL32 ref: 00007FF61FAE4FA5
      • Part of subcall function 00007FF61FAE4F28: GetFileSizeEx.KERNEL32 ref: 00007FF61FAE4FC7
      • Part of subcall function 00007FF61FAE4F28: GetFileInformationByHandleEx.KERNEL32 ref: 00007FF61FAE4FE6
      • Part of subcall function 00007FF61FAE4F28: CloseHandle.KERNEL32 ref: 00007FF61FAE5059
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyFileQueue::StructuredWork$Handle$CloseCreateFac_nodeFac_node::_InformationSizechar_traitsstd::_
    • String ID: /Chromium/Application/chrome.exe$/Chromium/Application/chrome.exe$/Chromium/Application/chrome.exe$/Google/Chrome/Application/chrome.exe$/Google/Chrome/Application/chrome.exe$/Google/Chrome/Application/chrome.exe$/Microsoft/Edge/Application/msedge.exe$/Microsoft/Edge/Application/msedge.exe$LocalAppData$LocalAppData$ProgramFiles$ProgramFiles$ProgramFiles$ProgramFiles(x86)$ProgramFiles(x86)$ProgramFiles(x86)
    • API String ID: 2934798590-60648246
    • Opcode ID: 4bd064d6a9faecaf701b302d78f6f480424269d53b81efee4075bedfd7b31c26
    • Instruction ID: a6d6ae0c9ce40e4240d1281b973c4aae9d95fab7f1f64b4c782841a22c36eddb
    • Opcode Fuzzy Hash: 4bd064d6a9faecaf701b302d78f6f480424269d53b81efee4075bedfd7b31c26
    • Instruction Fuzzy Hash: 06D1FC7254DEC2E1DA70DB14E4413EEB364FBC5B64F815236D68DC2A6AEE2CD649CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB082D0 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 227registrythreadCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Window$Long$HandleMetricsModuleSystem$AnonymousClassConcurrency::details::CreateCurrentEmptyForegroundImageLoadOriginatorQueue::RegisterShowStructuredThreadUpdateWorkallocator
    • String ID: Neutralinojs_webview$P
    • API String ID: 3823023348-3185745624
    • Opcode ID: fdd6957a4d641ba00eefb30e3486ab95fefb94e0eaa120b677ec92f835613f7c
    • Instruction ID: 901ea1f3b64ec78a6e4f6c36e4d13043b3f092df750ceef4810fab8418d752ba
    • Opcode Fuzzy Hash: fdd6957a4d641ba00eefb30e3486ab95fefb94e0eaa120b677ec92f835613f7c
    • Instruction Fuzzy Hash: A1D1BE36619FC586EB709B15E8943AEB7A0FBC9B94F404126DA8D83B69DF3CC145CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB2584C Relevance: 28.4, APIs: 9, Strings: 7, Instructions: 354COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB25A2E
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB25B27
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB25C20
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB25D19
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB25E12
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB25F0B
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB26004
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB25953
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB260FD
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID: .-inl.h$.cc$.cpp$.cxx$.hh$.hpp$.hxx
    • API String ID: 1865873047-3944817838
    • Opcode ID: 9f43b0fa1984432d87a6a4c027802ee892e89ccd396ddff1f6d3a23dc1135939
    • Instruction ID: 86200d035a7a9e726ac887244a3ffdacda49a5370c99e6d039bb14af7ea3f3c4
    • Opcode Fuzzy Hash: 9f43b0fa1984432d87a6a4c027802ee892e89ccd396ddff1f6d3a23dc1135939
    • Instruction Fuzzy Hash: 98228176609FC690DA70DB55E8902EBB3A4FBC9B91F405122DA8D83B69EF3CD145CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF05F8 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 318COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAF0672
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyFac_nodeFac_node::_Queue::StructuredWorkchar_traitsstd::_
    • String ID: background$background$command$command$cwd$cwd$error$exitCode$pid$returnValue$stdErr$stdIn$stdIn$stdOut$success
    • API String ID: 2622221371-3674805514
    • Opcode ID: 114532781f720ea1acd3491f06809cd4b480ffb266a3bfe59070d99dfbb61e9e
    • Instruction ID: b650946e70dffab8230053e2811ffc57242810708da82762714a68985e11e69d
    • Opcode Fuzzy Hash: 114532781f720ea1acd3491f06809cd4b480ffb266a3bfe59070d99dfbb61e9e
    • Instruction Fuzzy Hash: 7202E67660DEC290DA70DB15E4903EEB364EBC5B90F805232E6CD87A6AEF6CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE03F0 Relevance: 28.2, APIs: 9, Strings: 7, Instructions: 236COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_std::_$type_info::_name_internal_method
    • String ID: bpp$dpi$height$refreshRate$resolution$returnValue$width
    • API String ID: 3843115320-464714589
    • Opcode ID: 20f688d4cf02f52016a4dcaafe098c5bbee2a89c69d16134eb78a68686bc107b
    • Instruction ID: 6e9ab07be654dee6491a50b1cf6bd2ebfe14c9e544275ba4570454498910f309
    • Opcode Fuzzy Hash: 20f688d4cf02f52016a4dcaafe098c5bbee2a89c69d16134eb78a68686bc107b
    • Instruction Fuzzy Hash: BAC15562A1DEC6E1DA31DB15D4812EE6320FBC5B50F809232D68D93A6AEF7CD749C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA355A0 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 142COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: _mbsnset$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
    • String ID: %level %datetime %msg %loc %user@%host$/neutralinojs.log$default$enabled$enabled$false$false$logging$true$true$writeToLogFile$writeToLogFile
    • API String ID: 2746950129-94961076
    • Opcode ID: d809eea0a09a62fbc3e49b2dd5cadc8cefff184b939ab05206860af1efbfe296
    • Instruction ID: f624b1e74bb49c2ab9776b5fa00609411afe21a1ccd123a140d01bfed47129fe
    • Opcode Fuzzy Hash: d809eea0a09a62fbc3e49b2dd5cadc8cefff184b939ab05206860af1efbfe296
    • Instruction Fuzzy Hash: 8861327161DE83E1EA20E750E4513FA6764FBD5B54F801132E68DC7AAAEF2CE605C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB589A8 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 98clipboardCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Global$Clipboard$AvailableDataFormatLockUnlock$ByteCharMultiSizeWide
    • String ID: len <= total_size$lib/clip/clip_win.cpp
    • API String ID: 1251326923-4089153294
    • Opcode ID: 33fa24997d368d22382ec324d90e1e46bdfc264c557fa15b391537789957db70
    • Instruction ID: 4126e5fccbf972d7eb4eff21ea922534c11f81d52fb6aad4e9b415a338794360
    • Opcode Fuzzy Hash: 33fa24997d368d22382ec324d90e1e46bdfc264c557fa15b391537789957db70
    • Instruction Fuzzy Hash: DA510B36909E4282F760DB65F44436AB7A5FB86BA4F140034E68E82BB9CF7DD485CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC03E4 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 392COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAC047F
    • std::make_error_code.LIBCPMTD ref: 00007FF61FAC04B4
      • Part of subcall function 00007FF61FAC5A4C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A6A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_$std::error_condition::error_conditionstd::make_error_code
    • String ID: Extension negotiation failed: $Raw response: $Server handshake response$got (expected) eof/state error from closed con$handle_read_http_response$handle_read_http_response$handle_read_http_response invoked after connection was closed
    • API String ID: 1913388346-1483230256
    • Opcode ID: b7781e611768e5f6f23bc0c4814cb467106ea5f60973182aec82f13f78431446
    • Instruction ID: 9451f73b20b2204b523734d6f81bfc6ef4ac509627e332bf73d19a4b70a2a8ee
    • Opcode Fuzzy Hash: b7781e611768e5f6f23bc0c4814cb467106ea5f60973182aec82f13f78431446
    • Instruction Fuzzy Hash: 1C220772609FC681EA70DB15E8803EAA360FB85B94F404132DA8D87BAADF3CD145CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB18724 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 65COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method
    • String ID: TERM$cygwin$linux$screen$screen-256color$xterm$xterm-256color$xterm-color
    • API String ID: 3713626258-1244517683
    • Opcode ID: 4c9c73e0cc04bf0b0ea1c781ba6f8d5c8107d175421c6b0ce1d4071c120748af
    • Instruction ID: 329d723c990290fb37793afec7e6518370d15b38c7d07314456e117e2b230829
    • Opcode Fuzzy Hash: 4c9c73e0cc04bf0b0ea1c781ba6f8d5c8107d175421c6b0ce1d4071c120748af
    • Instruction Fuzzy Hash: C831FF65A0CE5790FB30DB12F4511B977B0EF95BA8F801272E58CC65B6EE2CE64AD700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE7FA4 Relevance: 24.7, APIs: 4, Strings: 10, Instructions: 229fileCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAE8033
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA317D0
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA317FC
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3182E
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA31851
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA3187E
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE81ED
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE821F
    • CopyFileW.KERNEL32 ref: 00007FF61FAE823F
      • Part of subcall function 00007FF61FADCA5C: char_traits.LIBCPMTD ref: 00007FF61FADCA8E
      • Part of subcall function 00007FF61FADCA5C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FADCAC8
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWidechar_traits$CopyFac_nodeFac_node::_Filestd::_
    • String ID: -> $File copy operation was successful$destination$destination$error$error$message$source$source$success
    • API String ID: 281268920-2973465384
    • Opcode ID: 47792d807bf5cdcb8d1ed17dbed560d386cfa355960c7c2cb38fa910ab7adfa0
    • Instruction ID: 0e5262305562892c4c3e1726fdf1d4953d832e03a7057a9f4a930ade2ee47b4d
    • Opcode Fuzzy Hash: 47792d807bf5cdcb8d1ed17dbed560d386cfa355960c7c2cb38fa910ab7adfa0
    • Instruction Fuzzy Hash: 84C1C67261DEC290DA70DB15E4913EAB364FBC5B90F405236EA8D86B6AEF3CD544CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE84D4 Relevance: 24.7, APIs: 4, Strings: 10, Instructions: 228fileCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAE8563
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA317D0
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA317FC
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3182E
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA31851
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA3187E
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE871D
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE874F
    • MoveFileW.KERNEL32 ref: 00007FF61FAE876C
      • Part of subcall function 00007FF61FADCA5C: char_traits.LIBCPMTD ref: 00007FF61FADCA8E
      • Part of subcall function 00007FF61FADCA5C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FADCAC8
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWidechar_traits$Fac_nodeFac_node::_FileMovestd::_
    • String ID: -> $File move operation was successful$destination$destination$error$error$message$source$source$success
    • API String ID: 1479675177-2672526185
    • Opcode ID: 0ca11f8f591fcbcc024c0d8a5ffb196a8906a5d3fcef0609d3916b6233a73e03
    • Instruction ID: 5d029810673d71c781c4cdbf37a183107badc4b7e6e8e039d3ed95d94ce1737f
    • Opcode Fuzzy Hash: 0ca11f8f591fcbcc024c0d8a5ffb196a8906a5d3fcef0609d3916b6233a73e03
    • Instruction Fuzzy Hash: 3EC1B67261DEC290DA70DB15E4913EAB3A4FBC5B90F405236EA8D86A6ADF2CD544CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE6104 Relevance: 23.0, APIs: 3, Strings: 10, Instructions: 226COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyListQueue::SafeStructuredWork$Fac_nodeFac_node::_char_traitsstd::_
    • String ID: error$error$path$path$pos$pos$returnValue$size$size$success
    • API String ID: 2348700401-1652436545
    • Opcode ID: 2eb54bd42615f8065f64a7c1be46876066220bd6abdca6e306b2ff5bafc68779
    • Instruction ID: d952385199df814276b0b373a958101ce51238cca0bbf8d9c98dcba2641e297a
    • Opcode Fuzzy Hash: 2eb54bd42615f8065f64a7c1be46876066220bd6abdca6e306b2ff5bafc68779
    • Instruction Fuzzy Hash: D2C1D87261DEC295DA70DB15E4913EAB364FBC5B90F405232E68D87A6ADF2CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE5C3C Relevance: 23.0, APIs: 3, Strings: 10, Instructions: 217COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ListSafe$Concurrency::details::EmptyFac_nodeFac_node::_Queue::StructuredWorkchar_traitsstd::_
    • String ID: error$error$path$path$pos$pos$returnValue$size$size$success
    • API String ID: 3320995786-1652436545
    • Opcode ID: bb36ee26110f871cb23c054e2ef275a784d46381c0312114d7107dbc977e1958
    • Instruction ID: fac4ae9637e0717079cbffb56e53ce62dc8c304229097fcffa3a8296d02e1113
    • Opcode Fuzzy Hash: bb36ee26110f871cb23c054e2ef275a784d46381c0312114d7107dbc977e1958
    • Instruction Fuzzy Hash: 1AC1D97261DEC2D4EA70DB25E4553EAB360EBC5B50F405232E6CD87A6ADF6CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA91D74 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 164COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Reentrant$Concurrency::details::_Lock::_$CallCriticalDecorator::getIndexScoped_lockScoped_lock::_$LockMutex_baseMutex_base::_std::_
    • String ID: WebSocket++/0.8.2$endpoint constructor
    • API String ID: 474002737-1916544140
    • Opcode ID: 8fa0582696aa1ac7dd25fbb853c618d2edc54adce428c943fae4ba80119a884f
    • Instruction ID: 65229b2d9a7dcc4b27fe048a82e809662689841ae12dbc1d85b45c03c9b16574
    • Opcode Fuzzy Hash: 8fa0582696aa1ac7dd25fbb853c618d2edc54adce428c943fae4ba80119a884f
    • Instruction Fuzzy Hash: D6811E66A0DFC585EB20DB29E4513AFA7A0FBC5B94F004135EA8D57BABCE3CD0158B44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE48DC Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 153COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAE48F4
      • Part of subcall function 00007FF61FAEDD60: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAEDD78
      • Part of subcall function 00007FF61FA265C8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA265DB
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAE499A
      • Part of subcall function 00007FF61FA1663C: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FA1664D
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::Concurrency::details::_ContextCriticalIdentityLock::_QueueReentrantScoped_lockScoped_lock::_type_info::_name_internal_method
    • String ID: close$read$readAll$readAllBinary$readBinary$seek
    • API String ID: 361455750-412170041
    • Opcode ID: ca293b115054eddae55e268c23b1be6e424dde9d4babbaaec6d64572f7e845dc
    • Instruction ID: e115081d6d6a07c08b274be3d3dfddb87d7000b28975020c9f424e67616269f5
    • Opcode Fuzzy Hash: ca293b115054eddae55e268c23b1be6e424dde9d4babbaaec6d64572f7e845dc
    • Instruction Fuzzy Hash: 20711D6561CF86C1DA60DB1AE45036A77A4FFC5BA4F404236EA8DC7BAADF2CD405CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE8A00 Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 279COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAE8A7C
      • Part of subcall function 00007FF61FAE4F28: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE4F76
      • Part of subcall function 00007FF61FAE4F28: CreateFileW.KERNEL32 ref: 00007FF61FAE4FA5
      • Part of subcall function 00007FF61FAE4F28: GetFileSizeEx.KERNEL32 ref: 00007FF61FAE4FC7
      • Part of subcall function 00007FF61FAE4F28: GetFileInformationByHandleEx.KERNEL32 ref: 00007FF61FAE4FE6
      • Part of subcall function 00007FF61FAE4F28: CloseHandle.KERNEL32 ref: 00007FF61FAE5059
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: File$Handle$CloseConcurrency::details::CreateEmptyFac_nodeFac_node::_InformationQueue::SizeStructuredWorkchar_traitsstd::_
    • String ID: createdAt$error$error$isDirectory$isFile$modifiedAt$path$path$returnValue$size$success
    • API String ID: 236287780-1650062744
    • Opcode ID: 6e4def33d5fd036377ee6a7ef56cca043389054ce09747911a62f340ec9917ee
    • Instruction ID: df7fd9ef57432991183ab5c97fbec9d95a1ff20213b28c99e352fb572f0f12fa
    • Opcode Fuzzy Hash: 6e4def33d5fd036377ee6a7ef56cca043389054ce09747911a62f340ec9917ee
    • Instruction Fuzzy Hash: 9EE1C73260DFC594DA71DB15E4903EAB3A4EBC9B90F405236DA8D83B6ADF2DD148CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB09D44 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 174windowCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Window$MenuMessage$CursorExitForegroundInfoItemLongPopupPostProcProcessQuitSendTrack
    • String ID: "$$$P
    • API String ID: 2003631025-4155829630
    • Opcode ID: c34206daa63ab897f2d3cfdfc090ffbacc3ce24a38a33e8cdddf7dd5c892da75
    • Instruction ID: 21a42710e94a56d7099c7fcb4b4f10a5c500923873d93d60321982cbf76974a8
    • Opcode Fuzzy Hash: c34206daa63ab897f2d3cfdfc090ffbacc3ce24a38a33e8cdddf7dd5c892da75
    • Instruction Fuzzy Hash: 77A1DA3290CE8682E7748B15E54436A77B4FB86BA4F104536D68DC3BA8DFBDD844DB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA50A14 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 140COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Concurrency::details::$EmptyQueue::StructuredWork$CurrentDirectoryFactory::FileFreePathProxyRemoveRetireSpecThreadchar_traits
    • String ID: --load-dir-res$--neu-dev-extension$--path$js.neutralino.devtools
    • API String ID: 3203358655-2474188579
    • Opcode ID: 380830e29e8136f2e9898c7a568983ce07a508d5c75106b482eb19735483a9b9
    • Instruction ID: 3a2de2aa822e4e1472c5b7671255deb3233b0c1aaabf989dec9947978dba5c17
    • Opcode Fuzzy Hash: 380830e29e8136f2e9898c7a568983ce07a508d5c75106b482eb19735483a9b9
    • Instruction Fuzzy Hash: 0A61ED61A1CE83D1EA20EB51E8513FA7365FFD4B64F815232E68DC65AAEF2CD505CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA48DAC Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 125COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
    • String ID: $'$; expected $; last read: '$syntax error $unexpected $while parsing
    • API String ID: 1744367693-1581916670
    • Opcode ID: 7abffed3b7155c5d05235a4a549ff6a7fc501829e121cef54e5475722981584c
    • Instruction ID: 4ce5af87dcf8b497ebcef613505f208d59a48422a83b6bb137c4d8dd499eaad4
    • Opcode Fuzzy Hash: 7abffed3b7155c5d05235a4a549ff6a7fc501829e121cef54e5475722981584c
    • Instruction Fuzzy Hash: 3C61E37261DEC6D5DA60DB15E4813EAB3A4FBC5B94F801122E68D86B6AEF2CD504CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAADB1C Relevance: 19.5, APIs: 1, Strings: 10, Instructions: 272COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • Concurrency::details::WorkQueue::PushStructured.LIBCMTD ref: 00007FF61FAADBCB
      • Part of subcall function 00007FF61FAAA48C: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAAA6E7
      • Part of subcall function 00007FF61FA8FD04: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FA8FD3D
      • Part of subcall function 00007FF61FA6EE58: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA6EE7A
      • Part of subcall function 00007FF61FA6F328: char_traits.LIBCPMTD ref: 00007FF61FA6F349
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Queue::StructuredWork$EmptyProcessorVirtualchar_traits$Concurrency::PushRootRoot::type_info::_name_internal_method
    • String ID: Connection$GET$HTTP/1.1$Host$Sec-WebSocket-Extensions$Sec-WebSocket-Key$Sec-WebSocket-Protocol$Sec-WebSocket-Version$Upgrade$websocket
    • API String ID: 2389734777-4064044300
    • Opcode ID: 32cf30414706e07e34b533a1727f85d9fe5930bed1e45916573896c133bea466
    • Instruction ID: 7ae4859bc40b3192749b55f17d92066a5aeedb003d5cb2328da645db08835644
    • Opcode Fuzzy Hash: 32cf30414706e07e34b533a1727f85d9fe5930bed1e45916573896c133bea466
    • Instruction Fuzzy Hash: 3CD1FB6261DEC6D1DA31EB14E4913EAB364FBC5B54F801132E68DC7AAADF2CD605CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC1924 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 264COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAC19BA
    • std::make_error_code.LIBCPMTD ref: 00007FF61FAC19EF
      • Part of subcall function 00007FF61FAC5A4C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A6A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_$std::error_condition::error_conditionstd::make_error_code
    • String ID: Handshake ended with HTTP error: $got (expected) eof/state error from closed con$got to writing HTTP results with m_ec set: $handle_write_http_response$handle_write_http_response$handle_write_http_response invoked after connection was closed
    • API String ID: 1913388346-2408890593
    • Opcode ID: 56adfa5102a7944489ead200d8f650c99f560ad30be363a77ad08f4e7dfca84c
    • Instruction ID: 3fc325aedbdc9a84fac6471474d74e13abc208f5663cc44f835d7d4e6c59c08b
    • Opcode Fuzzy Hash: 56adfa5102a7944489ead200d8f650c99f560ad30be363a77ad08f4e7dfca84c
    • Instruction Fuzzy Hash: 1DD1FC62A0DFC6C0EA30EB15E4957EE63A0FBC5B94F404132DA8D877AADE2CD5458B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE56D8 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 192COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAE5752
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA317D0
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA317FC
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3182E
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA31851
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA3187E
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE58D0
    • RemoveDirectoryW.KERNEL32 ref: 00007FF61FAE58D8
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
      • Part of subcall function 00007FF61FA075F8: char_traits.LIBCPMTD ref: 00007FF61FA07618
      • Part of subcall function 00007FF61FA075F8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA0766A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWidechar_traits$DirectoryFac_nodeFac_node::_Removestd::_
    • String ID: was removed$Directory $error$error$message$path$path$success
    • API String ID: 3761614089-1862357511
    • Opcode ID: 88af21663fb0aeee8b222651c17697b9c0e416742fa5275fcc6631adfb41e30a
    • Instruction ID: 6d5adbce104364289087ff901ec646d23ba88bc99bfd5eceba8a5f7137c815aa
    • Opcode Fuzzy Hash: 88af21663fb0aeee8b222651c17697b9c0e416742fa5275fcc6631adfb41e30a
    • Instruction Fuzzy Hash: 68B1C77261DEC295DA70DB15E4913EAB3A0FBC5B50F405236EA8D82B6AEF7CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB59160 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 302clipboardregistryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ClipboardGlobal$Format$AvailableConcurrency::details::_CreateDataLockRegisterSchedulerScheduler::_SizeStreamUnlock
    • String ID: $PNG$bi.bi$lib/clip/clip_win.cpp
    • API String ID: 2717934966-3816646311
    • Opcode ID: 56cb7b2bd7139e5e152ec5dcb622659db6c700a8eb93842c70b3baf5d7ba6520
    • Instruction ID: 5ce295d8a7c8643e86618dae87b13bc76fe61c458578fcc6a49f4d8a25346337
    • Opcode Fuzzy Hash: 56cb7b2bd7139e5e152ec5dcb622659db6c700a8eb93842c70b3baf5d7ba6520
    • Instruction Fuzzy Hash: 3AE1C67260CA818AE774DB15E4907AAB7A1EBCAB54F104135E68EC3BA9DF7CD444CF00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF1250 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 206COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAF12DF
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF14E5
      • Part of subcall function 00007FF61FA1725C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA17287
      • Part of subcall function 00007FF61FA1725C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA17296
      • Part of subcall function 00007FF61FA1725C: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00007FF61FA172BC
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::$EmptyQueue::StructuredWork$Fac_nodeFac_node::_Factory::FreeProxyRetireThreadchar_traitsstd::_type_info::_name_internal_method
    • String ID: data$data$error$error$event$event$stdIn$success
    • API String ID: 3709936079-1003641206
    • Opcode ID: e3b29b11d71912c30d74a7ccc50cb129738f9e5edfae5a325feecf5dd661680a
    • Instruction ID: b09fb08ac042dea3d54f062219e89d74024aaf85da9ae9aa26f2585aee18f58d
    • Opcode Fuzzy Hash: e3b29b11d71912c30d74a7ccc50cb129738f9e5edfae5a325feecf5dd661680a
    • Instruction Fuzzy Hash: 3AB1E76261DEC691DA70DB15E4913EFB364FBC5B90F805232E68D87A6AEF2CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB11288 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 179windowCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Message$CallDecorator::getFileIndexName$Concurrency::details::DispatchEmptyFindInitializeModulePathQueue::StructuredTranslateUninitializeWorkstd::bad_exception::bad_exception
    • String ID: APPDATA$window.external={invoke:s=>window.chrome.webview.postMessage(s)}
    • API String ID: 511867345-888848553
    • Opcode ID: 547a06c8b4eb619d413ffbc410259b036b8fcb2bbd191c14613c0229ec54bb81
    • Instruction ID: 8da5a926f28e3f8c57624f30ad2cd5f4e6f7846a4fc940896a45e7a72eb2064c
    • Opcode Fuzzy Hash: 547a06c8b4eb619d413ffbc410259b036b8fcb2bbd191c14613c0229ec54bb81
    • Instruction Fuzzy Hash: 8D91C36261DEC691EA709B25F4913EAB3B4FBC5B94F404136E68D83AA9DF3CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA5858C Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 179COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Decorator::getTableType
    • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$d$n_chars < number_buffer.size() - 1
    • API String ID: 2700986858-518778703
    • Opcode ID: cd367c13638afd528bf6c2da07683b91f23dd5d6eb36db59260f155cbc0439fc
    • Instruction ID: e3d98c8f1df3eccc9a8d30ad4d4c134c337d48298614994eaac2954413032377
    • Opcode Fuzzy Hash: cd367c13638afd528bf6c2da07683b91f23dd5d6eb36db59260f155cbc0439fc
    • Instruction Fuzzy Hash: C491EA26A1DBC1C5DB60DB15E4502AEBBA1FBC9B94F404235EA8DC7B6ADE3CD504CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA58248 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 179COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Decorator::getTableType
    • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 at byte $D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$d$n_chars < number_buffer.size() - 1
    • API String ID: 2700986858-132431494
    • Opcode ID: bed0d9fb89336ccd8aaf71547ef09658f5882b769b62334019db425ce60e06a3
    • Instruction ID: 1eae3f2ecb15058c175515d1cac3dc15071ae01bf58baa73935a2c24f39ae3a3
    • Opcode Fuzzy Hash: bed0d9fb89336ccd8aaf71547ef09658f5882b769b62334019db425ce60e06a3
    • Instruction Fuzzy Hash: 1391E926A1DBC1C5DB60DB15E4502AEB7A1EBC9BA4F404231EA8DC7B6ADE3CD504CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD8804 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 172COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$std::error_condition::error_condition
    • String ID: Connection$Sec-WebSocket-Accept$Sec-WebSocket-Key$Upgrade$Upgrade$websocket
    • API String ID: 2527301759-1442277505
    • Opcode ID: d35dd6ce15403fecc81feff4afec03d62069785e743ba5e9ce553dce5e78c911
    • Instruction ID: e98fa99e613d7ae211ac78dcca5e5283e00fcfdeb649dc34cb1eb97b25b78ba4
    • Opcode Fuzzy Hash: d35dd6ce15403fecc81feff4afec03d62069785e743ba5e9ce553dce5e78c911
    • Instruction Fuzzy Hash: D391FA7261DEC6D4EA60EB15E4513EEB364EBC5B90F405231E6CD87AAADF2CD505CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFC690 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 71COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Window$Long$Monitor$FromInfoRect
    • String ID: ($4
    • API String ID: 3038536068-423877465
    • Opcode ID: db6a410adb7735d9de36b61b1d51181a2de757c1cc33ddeec3d73d52acab1a6a
    • Instruction ID: a0be68ecd2378b57cb2c5f380a5557acc05f57c49423a3c31039e7cefa051eaa
    • Opcode Fuzzy Hash: db6a410adb7735d9de36b61b1d51181a2de757c1cc33ddeec3d73d52acab1a6a
    • Instruction Fuzzy Hash: AE41EDB5A08A418BE754CB29F84066A77B0FBCABA4F104135EA5DC7769CF3DE8459F00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FACDBC4 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 284COMMON
    Download Yara Rule
    APIs
    • std::make_error_code.LIBCPMTD ref: 00007FF61FACDCA4
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FACDDA3
      • Part of subcall function 00007FF61FAD9110: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD912F
      • Part of subcall function 00007FF61FA6C07C: UnDecorator::getCallIndex.LIBCMTD ref: 00007FF61FA6C08F
      • Part of subcall function 00007FF61FAD49A8: Concurrency::details::SchedulerBase::NumaInformation::~NumaInformation.LIBCONCRTD ref: 00007FF61FAD4BAB
      • Part of subcall function 00007FF61FA173A0: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA173D4
      • Part of subcall function 00007FF61FA166A0: _Ptr_base.LIBCMTD ref: 00007FF61FA166AE
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FACDFC3
      • Part of subcall function 00007FF61FA97AC8: SafeRWList.LIBCMTD ref: 00007FF61FA97AD9
    • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF61FACE101
      • Part of subcall function 00007FF61FA7EDD0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF61FA7EDFB
      • Part of subcall function 00007FF61FA7EDD0: __CxxFrameHandler2.LIBCMTD ref: 00007FF61FA7EE12
    • Concurrency::details::SchedulerBase::NumaInformation::~NumaInformation.LIBCONCRTD ref: 00007FF61FACE140
      • Part of subcall function 00007FF61FA99D84: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA99D99
    • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF61FACE215
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FACE254
      • Part of subcall function 00007FF61FA8DA20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA8DA6D
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::$EmptyQueue::StructuredWork$Scheduler$Numa$Concurrency::details::_$Base::CriticalInformationInformation::~Lock::_ProcessorProxyReentrantRoot::Scoped_lockScoped_lock::_Virtual$CallDecorator::getFrameHandler2IndexListPtr_baseSafeScheduler::_std::make_error_codetype_info::_name_internal_method
    • String ID: asio connection proxy_write$assertion failed: !m_proxy_data in asio::connection::proxy_write
    • API String ID: 1308223389-3597709954
    • Opcode ID: d9455d3857750b9c3efb79918910b933e27366fda0bfbfd2f9a80978fb972bd1
    • Instruction ID: d42108c617b9ae01d0b30f23ebf27c192292f79d03c1ad3ea55bb46bed77d936
    • Opcode Fuzzy Hash: d9455d3857750b9c3efb79918910b933e27366fda0bfbfd2f9a80978fb972bd1
    • Instruction Fuzzy Hash: 72F1C572A09FC584EA709B15F4913EAB3A4FBC5B94F404236DA8C87B5ADE3CD151CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF0D44 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 224COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAF0DBE
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyFac_nodeFac_node::_Queue::StructuredWorkchar_traitsstd::_
    • String ID: command$command$cwd$cwd$error$pid$returnValue$success
    • API String ID: 2622221371-2922298875
    • Opcode ID: 54abad6750f4aa78b9f003e8ed06f0d2420cd26b2fb92a784995c744aaa39575
    • Instruction ID: 1d8f91c4c37e903ae8ef9fdbed35ed4cae77b2d78997d82ac7d70351dcf01b1f
    • Opcode Fuzzy Hash: 54abad6750f4aa78b9f003e8ed06f0d2420cd26b2fb92a784995c744aaa39575
    • Instruction Fuzzy Hash: BFC1C57661DFC290DA70DB25E4913EAB364FBC5B90F405232DA8D87A6AEF2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE52C4 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 184COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAE533E
      • Part of subcall function 00007FF61FAE3F98: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE3FC9
      • Part of subcall function 00007FF61FAE3F98: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF61FA6328A), ref: 00007FF61FAE3FD3
      • Part of subcall function 00007FF61FA075F8: char_traits.LIBCPMTD ref: 00007FF61FA07618
      • Part of subcall function 00007FF61FA075F8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA0766A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$char_traits$CreateDirectoryFac_nodeFac_node::_std::_
    • String ID: was created$Directory $error$error$message$path$path$success
    • API String ID: 219789810-2418525365
    • Opcode ID: bead48326d61d360d6349086c7ef605e20fa033dc6f02f881bd14967233694a3
    • Instruction ID: 2346f6320000d6463d90aa0358c2f142e81d573b6cfcaccb1d0c6c30b4a25f1d
    • Opcode Fuzzy Hash: bead48326d61d360d6349086c7ef605e20fa033dc6f02f881bd14967233694a3
    • Instruction Fuzzy Hash: DEA1D73261DEC691DA70DB55E4513EAB3A0FBC5B50F405236EA8D83B6AEF2CD548CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA01586 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 172libraryloaderCOMMON
    Download Yara Rule
    APIs
    • GetProcAddress.KERNEL32 ref: 00007FF61FA016AE
    • EventRegister.ADVAPI32 ref: 00007FF61FA01704
    • EventSetInformation.ADVAPI32 ref: 00007FF61FA01729
    • EventWriteTransfer.ADVAPI32 ref: 00007FF61FA0186A
    • EventUnregister.ADVAPI32 ref: 00007FF61FA0188C
    • LoadLibraryExW.KERNEL32 ref: 00007FF61FA018BF
      • Part of subcall function 00007FF61FA011E5: OutputDebugStringA.KERNEL32 ref: 00007FF61FA01342
      • Part of subcall function 00007FF61FA011E5: OutputDebugStringW.KERNEL32 ref: 00007FF61FA0134F
      • Part of subcall function 00007FF61FA011E5: OutputDebugStringA.KERNEL32 ref: 00007FF61FA0135C
    • _Init_thread_footer.LIBCMT ref: 00007FF61FA018D3
      • Part of subcall function 00007FF61FB81764: EnterCriticalSection.KERNEL32(?,?,-5555555555555556,00007FF61FA02648,?,?,-5555555555555556,?,BrowserExecutableFolder,00007FF61FA0292A), ref: 00007FF61FB81774
      • Part of subcall function 00007FF61FB81764: LeaveCriticalSection.KERNEL32(?,?,-5555555555555556,00007FF61FA02648,?,?,-5555555555555556,?,BrowserExecutableFolder,00007FF61FA0292A), ref: 00007FF61FB817B4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Event$DebugOutputString$CriticalSection$AddressEnterInformationInit_thread_footerLeaveLibraryLoadProcRegisterTransferUnregisterWrite
    • String ID: ADVAPI32.dll$EventRegister
    • API String ID: 2523034441-1617240376
    • Opcode ID: ca725922c60af4b893315f9e4fd865b2abfa1142b48f8a8e30ed895635d070be
    • Instruction ID: 37397bf1c2f5c73bbf44235d8c2ce41b17982ea743b59eeab60aec7a36ed85e9
    • Opcode Fuzzy Hash: ca725922c60af4b893315f9e4fd865b2abfa1142b48f8a8e30ed895635d070be
    • Instruction Fuzzy Hash: 6E912B71A08F8285EB60CB25F8507EA73A0FB85BA4F544235DA8DC76A4DF7DE445E700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE9784 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 159COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_std::_$Concurrency::details::EmptyPtr_baseQueue::StructuredWorkbool_
    • String ID: path$returnValue$returnValue$success
    • API String ID: 3084043299-4120080887
    • Opcode ID: 90a598a72d192aa16c749f02294d163fd0f62c8fa315d864a39477fe5208abbb
    • Instruction ID: da7bacfe4522de974654d88421e78ccd2661fc0c76f4541431f95f6b4c866eea
    • Opcode Fuzzy Hash: 90a598a72d192aa16c749f02294d163fd0f62c8fa315d864a39477fe5208abbb
    • Instruction Fuzzy Hash: 6B81FC6261DFC6D1DA60DB15E4413EAB360FBC5B50F805232E6CD83A6AEF6CD645CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA50EA0 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 129COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA5BCD0: Concurrency::details::_TaskProcThunk::_TaskProcThunk.LIBCPMTD ref: 00007FF61FA5BD2A
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA50F8D
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA51033
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA510E5
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA51197
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ProcTask$Concurrency::details::_ThunkThunk::_
    • String ID: /modes/browser/port$/modes/chrome/port$/modes/cloud/port$/modes/window/port$port
    • API String ID: 2858937099-2036420136
    • Opcode ID: ed835251105201a51ea146e875ea592964bc18ac5a57c100c48d42e8794d439a
    • Instruction ID: 028b00bfb7dfcd011d2f7979c7819e25716ad2adc7d2b8119e1b3159b3f1f33b
    • Opcode Fuzzy Hash: ed835251105201a51ea146e875ea592964bc18ac5a57c100c48d42e8794d439a
    • Instruction Fuzzy Hash: BB71723660AFC694DA70DB15F4903EAA3B4FB89B90F405136DA8D83B69EF2CD555CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA50D74 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 65COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA50DBB
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA50DEE
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWork
    • String ID: browser$chrome$cloud$defaultMode$window
    • API String ID: 643052339-1457272578
    • Opcode ID: 70ed1ebca8a326ea226438a599dc2cfbb15e6da98d289fc480a5a32aca63b763
    • Instruction ID: b32d5c9c93aa1381ad836b111cc4d56a3db2c84b0bba28a3251739d0529edc6e
    • Opcode Fuzzy Hash: 70ed1ebca8a326ea226438a599dc2cfbb15e6da98d289fc480a5a32aca63b763
    • Instruction Fuzzy Hash: 1F311C71A1C953D2EA20DB11E4511BA73B4FF91B64FA04231E68DC75AADF2DE905DB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA14290 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 51COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
    • String ID: bad locale name
    • API String ID: 3904239083-1405518554
    • Opcode ID: 558119466b73c7644b9bb99fbe0c4bd9640ade891cbf7fdd99c741e49be8584c
    • Instruction ID: 6ba8ff12048b4657251270f0f5c6a5a82ac1ec5b883e5e9bc59dd8d4df40eba2
    • Opcode Fuzzy Hash: 558119466b73c7644b9bb99fbe0c4bd9640ade891cbf7fdd99c741e49be8584c
    • Instruction Fuzzy Hash: F1111F51A0DF8682DE14E729E45126E63B0FFC3B94F541135EA8D93766DE2DD4128704
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA2DCCC Relevance: 15.2, APIs: 10, Instructions: 236COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::DebugDecorator::getEmptyMallocatorQueue::StructuredTableTypeWorkbool_shared_ptr$ArrayHolderMalloca
    • String ID:
    • API String ID: 2420491204-0
    • Opcode ID: c0c8ce945b279d3c0d886401c7c9eaf163a5786737033cf1a573ad03ecb09858
    • Instruction ID: 8649d891335be365c0484a83ff28fcb570fb04fdbfe62f8ff4d15e6b45473216
    • Opcode Fuzzy Hash: c0c8ce945b279d3c0d886401c7c9eaf163a5786737033cf1a573ad03ecb09858
    • Instruction Fuzzy Hash: 58C1E32270CEC6D0DB60DB66E4912EEB360FBD5B90F404132E68D87BAADE6DD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD84BC Relevance: 15.2, APIs: 10, Instructions: 151COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$std::error_condition::error_condition
    • String ID:
    • API String ID: 2527301759-0
    • Opcode ID: e50ddfa9e38ab60b873a08b06edf6ba486a1745463933fbcc6afb7de680dc0ef
    • Instruction ID: 243052d7ffd410ff2c6c6ae98a856d08315e8bccc26fb366da21f6546a354983
    • Opcode Fuzzy Hash: e50ddfa9e38ab60b873a08b06edf6ba486a1745463933fbcc6afb7de680dc0ef
    • Instruction Fuzzy Hash: 5A610E21A1C956C5EA20D617E45127E77B4EFC1FA0F504271FACDCAAEACE7DE8418B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA608A4 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 232COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Mailbox
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$M_plus.e <= kGamma$M_plus.e >= kAlpha$d <= 9$p1 > 0$p2 <= (std::numeric_limits<std::uint64_t>::max)() / 10$p2 > delta
    • API String ID: 1763892119-3529742033
    • Opcode ID: 0e5c715d83148ac4170edb9c8410cd491f450f718ac0d0c15b05b00d7ca12f45
    • Instruction ID: 1b2792c70c2d800d62a6d818313b810710ee13be4190c8f723f6f3cfe18e195c
    • Opcode Fuzzy Hash: 0e5c715d83148ac4170edb9c8410cd491f450f718ac0d0c15b05b00d7ca12f45
    • Instruction Fuzzy Hash: CEC1CF36619BC5CAD760DB19E48079AB7A0F7C5BA4F509126EA8EC3B68DF3CD444CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FACD6D4 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 206COMMON
    Download Yara Rule
    APIs
    • std::make_error_code.LIBCPMTD ref: 00007FF61FACD7E4
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF61FACD99C
      • Part of subcall function 00007FF61FA7D70C: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF61FA7D73F
    • Concurrency::details::SchedulerBase::NumaInformation::~NumaInformation.LIBCONCRTD ref: 00007FF61FACD9E8
      • Part of subcall function 00007FF61FA99D84: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA99D99
      • Part of subcall function 00007FF61FA166A0: _Ptr_base.LIBCMTD ref: 00007FF61FA166AE
    • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF61FACDB3F
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FACDB8B
      • Part of subcall function 00007FF61FA8DA7C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA8DAC9
      • Part of subcall function 00007FF61FA8FE3C: char_traits.LIBCPMTD ref: 00007FF61FA8FE5C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::$Scheduler$EmptyQueue::StructuredWork$Concurrency::details::_NumaProcessorProxyRoot::Virtual$Base::CriticalInformationInformation::~Lock::_Ptr_baseReentrantScheduler::_Scoped_lockScoped_lock::_char_traitsstd::make_error_code
    • String ID: $asio connection proxy_read$assertion failed: !m_proxy_data in asio::connection::proxy_read
    • API String ID: 210469151-2202963555
    • Opcode ID: a6a7c5b645db45310d8cc2d04715063152557d2f7a52c837e27f6351558a6174
    • Instruction ID: 51f4faed139f5a18b3bccea2792ed2fecf09b192502ab9e73948d84d71292210
    • Opcode Fuzzy Hash: a6a7c5b645db45310d8cc2d04715063152557d2f7a52c837e27f6351558a6174
    • Instruction Fuzzy Hash: 10C1A072A09FC681EA719B15E4513EAB3A4FBC9B54F404236DACD87B5AEF3CD1448B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC0D04 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 146COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAC0D82
    • std::make_error_code.LIBCPMTD ref: 00007FF61FAC0DB7
      • Part of subcall function 00007FF61FAC5A4C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A6A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_$std::error_condition::error_conditionstd::make_error_code
    • String ID: got (expected) eof/state error from closed con$handle_send_http_request$handle_send_http_request$handle_send_http_request invoked after connection was closed
    • API String ID: 1913388346-4052049576
    • Opcode ID: 1cb58b7ad499ef7e0fce04d51e4cd8293d374ddf4cbc0ebf5722122256389f6b
    • Instruction ID: fc3adc8e105ea6acdfbb7f33ab4e04b23d63f9299ca39c85e6cee3bec3fbf6e2
    • Opcode Fuzzy Hash: 1cb58b7ad499ef7e0fce04d51e4cd8293d374ddf4cbc0ebf5722122256389f6b
    • Instruction Fuzzy Hash: 7571FB62A1CFC6C1EA609B15E4407EAB360FB85B54F509232EA8D87B9ADF3CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD8184 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 123COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
    • String ID: GET$HTTP/1.1$Sec-WebSocket-Key1$Sec-WebSocket-Key2$Sec-WebSocket-Key3
    • API String ID: 1244214244-2101055751
    • Opcode ID: cc224326d65813a383134553eb594a4ba2e7c03cbaec7ab15e73f08125202ae6
    • Instruction ID: 36430644a1beeea5749f85280eb481cbfbea27aeeed22905a1d75fa860652ce5
    • Opcode Fuzzy Hash: cc224326d65813a383134553eb594a4ba2e7c03cbaec7ab15e73f08125202ae6
    • Instruction Fuzzy Hash: B2511162A1CA82C1EA70DB15E4513BE73A4FBC5B64F844231E9DDC769ADF2CE505CB10
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA011E5 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 118COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: DebugOutputString
    • String ID: WebView2: Failed to find the WebView2 client dll at: $WebView2: Failed to find the app exe path.$\$\
    • API String ID: 1166629820-2806058147
    • Opcode ID: d91f4afa2a8e075f19089fb7fd68710b1d78d60ddcb2c780a441acc96291a8cd
    • Instruction ID: 46321960a0ebc4d3d56717a1b4bb357f0e4a616416e68463fdc5cb2208baf8c4
    • Opcode Fuzzy Hash: d91f4afa2a8e075f19089fb7fd68710b1d78d60ddcb2c780a441acc96291a8cd
    • Instruction Fuzzy Hash: 3A414A21B18A43C1FE64AB62B8511FD53D0AF8AFE4F444235ED5ECB796DEACE5428301
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE20D0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 102COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptrtype_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkbool_
    • String ID: (^custom\.)(.*)$(^custom\.)(.*)$custom.getMethods
    • API String ID: 1002917139-1277123559
    • Opcode ID: bacf8127f73437ab3cc0b44d7e0a1ea3ea129f621b8f39406ab02a52abf2002a
    • Instruction ID: 2224d93c8f6f650f10486e6b6d31b7509af9623ba8a511520a70d93d19b6c8dd
    • Opcode Fuzzy Hash: bacf8127f73437ab3cc0b44d7e0a1ea3ea129f621b8f39406ab02a52abf2002a
    • Instruction Fuzzy Hash: EB51027261DE82D1EA60DB15F4513EEB7A0FBC1B90F805132E68DC6AAADF2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA917F8 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 85COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Reentrant$Concurrency::details::_Lock::_Ptr_base$CallCriticalDecorator::getIndexLockScoped_lockScoped_lock::_
    • String ID: asio con transport constructor
    • API String ID: 2456357481-195117925
    • Opcode ID: 67d6b68b8d27def5c0652992f00567d4e9981dbbc13a0128f3f2d12fb3446b36
    • Instruction ID: 6410e139eaefea64b67194c7914bfb0ba6c1a48e335641ae0f59dabaea3df344
    • Opcode Fuzzy Hash: 67d6b68b8d27def5c0652992f00567d4e9981dbbc13a0128f3f2d12fb3446b36
    • Instruction Fuzzy Hash: C5310161A0EB8582EE00DB6AE05136FE360FFC6FA4F001135E98D5775ADEACD0158B44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA0105A Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49fileCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: DebugOutputString$File$AttributesCloseCreateHandle
    • String ID: EBWebView\x64\EmbeddedBrowserWebView.dll$WebView2: skipped inaccessible
    • API String ID: 2768512592-3018534981
    • Opcode ID: 8e21432c21deb5830071166f87b0827d582c3f7daa999b829953d88a3ff806c6
    • Instruction ID: bd51ad0c39cc7a66e78ab7afb588465d1d6bcc650c68a70d2ec569c45ae63323
    • Opcode Fuzzy Hash: 8e21432c21deb5830071166f87b0827d582c3f7daa999b829953d88a3ff806c6
    • Instruction Fuzzy Hash: 82114F20A1C94281FA24A722F8147B82390AF46FF8F144330D87EC77D5DFADA5468705
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB60A00 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AddressProc$HandleModule
    • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
    • API String ID: 667068680-1247241052
    • Opcode ID: b9319a3e3d6aefa9dfa2ddfed9bc862ef023ddcb04c66ec2ddb2affae00467f2
    • Instruction ID: fef95628da178e4fedef351e4a5f29d9ec592177509b54422327a274adfe9d40
    • Opcode Fuzzy Hash: b9319a3e3d6aefa9dfa2ddfed9bc862ef023ddcb04c66ec2ddb2affae00467f2
    • Instruction Fuzzy Hash: A4F07A64E0AF0796FB24DB51BC444A12365AF4AF75B441175C80EC6325EE3CA199D300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA9D7AC Relevance: 13.8, APIs: 9, Instructions: 283COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fbf575fa827a6cf03e924b2d96c6572954fd7edff5b3bf0aa3c7d4031afbfc28
    • Instruction ID: 8a026e43fca0b7d139e76f33acaa85890fc1c2a62abc91cc8325323f778d7ddd
    • Opcode Fuzzy Hash: fbf575fa827a6cf03e924b2d96c6572954fd7edff5b3bf0aa3c7d4031afbfc28
    • Instruction Fuzzy Hash: A4E1B062608FC684DA709B15E4903EEA3A4FBC4BA4F404236DBCD97B99DF2CD585CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA9D16C Relevance: 13.8, APIs: 9, Instructions: 283COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a8cb5e70da95e30cf2955406668c907a192f9cf2e89f33f1b98ae2db66710993
    • Instruction ID: 6c7cb2005c5a9066a9b0763e4a85a3dc26a4306412787cbbb02e948ff697f804
    • Opcode Fuzzy Hash: a8cb5e70da95e30cf2955406668c907a192f9cf2e89f33f1b98ae2db66710993
    • Instruction Fuzzy Hash: AEE1C062608FC685DA709B15E4903EEA3A4FBC4BA4F404236DBCD97B99DF2CD185CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB48748 Relevance: 13.7, APIs: 9, Instructions: 215COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12E8C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA12EA9
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB487F4
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB48865
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 1865873047-0
    • Opcode ID: 2ef7bbe89509a550af6bdf203b0c6d63f49b6059f98a54c24ad1474a3478f61e
    • Instruction ID: 955aa5662df6ade5de2b5a58d1739b3afbb8f31cb8cefef34d57fb324de5b082
    • Opcode Fuzzy Hash: 2ef7bbe89509a550af6bdf203b0c6d63f49b6059f98a54c24ad1474a3478f61e
    • Instruction Fuzzy Hash: CCC1D57660DEC595DA71DB15E4902EEB3A4FBC9B50F405232EA8E83BA9DF2CD504CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA91C78 Relevance: 13.5, APIs: 9, Instructions: 49COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Reentrant$CallConcurrency::details::_Decorator::getIndexLockLock::_Ptr_base
    • String ID:
    • API String ID: 2706355319-0
    • Opcode ID: b14824303d478d09789b3c5008bf5361d38644c248e4c246ebc3f178b6a09266
    • Instruction ID: bfa4b6c0cd062afb699c7a414a7d2ef123f8cf3b86326669f954da46f0ea0a45
    • Opcode Fuzzy Hash: b14824303d478d09789b3c5008bf5361d38644c248e4c246ebc3f178b6a09266
    • Instruction Fuzzy Hash: E1212C66A2DBC582EE41EB1AE0557AAA370FF81F84F012135FA8E1B796DE3CC0148740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAA4AF8 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 351COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Lockitstd::_$Find_elemGetfacetLockit::_Lockit::~_Mpunct__int64std::locale::_
    • String ID: 0123456789ABCDEFabcdef-+Xx
    • API String ID: 876901904-2799312399
    • Opcode ID: b1033465a515caa34e5fc978fe8d947a66c9e32dfb72744771d1446c13e49312
    • Instruction ID: f1062295951e631ae22d6f7e008592a083ff9822c768b0d086a311a82703c447
    • Opcode Fuzzy Hash: b1033465a515caa34e5fc978fe8d947a66c9e32dfb72744771d1446c13e49312
    • Instruction Fuzzy Hash: 76023C3261CAC1C9E7719B15E4903BEB7E0EBC5B54F405236EACE86AA9CF2DD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA018E4 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 230libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AddressCloseDebugHandleInit_thread_footerModuleOpenOutputProcQueryStringValue
    • String ID: GetCurrentPackageInfo$WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.$kernelbase.dll
    • API String ID: 3090097221-1460813422
    • Opcode ID: 538ab4b78333545a881fd4d624e25a4b7d99cd93b1b6446285c3b64cf9173223
    • Instruction ID: c94d08ae7f12e129f3f080fbc2cec25dc7dbe28c6fa79d404d95c2fa8066ed8a
    • Opcode Fuzzy Hash: 538ab4b78333545a881fd4d624e25a4b7d99cd93b1b6446285c3b64cf9173223
    • Instruction Fuzzy Hash: 48A1AE31A1CE4682FA24AB15F8512FA63E0BF86FA4F544232EE4EC7795DE7DE1458700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAA8BF4 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 182COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Ptr_base
    • String ID: D:\a\neutralinojs\neutralinojs\lib\asio\include\asio/buffers_iterator.hpp$abs_n == 0 && "iterator out of bounds"$current_ != end_ && "iterator out of bounds"$iterator out of bounds$n == 0 && "iterator out of bounds"$position_ >= abs_n && "iterator out of bounds"
    • API String ID: 897191226-546782048
    • Opcode ID: 89b169c829c982eb8ac50db413852eedf5baec1e9d34bf8e76e7a7c8d2966ad8
    • Instruction ID: 2233488307938e4dfcfd4d212a8f2fce9a5060467d03676d3f1165c9da8456ef
    • Opcode Fuzzy Hash: 89b169c829c982eb8ac50db413852eedf5baec1e9d34bf8e76e7a7c8d2966ad8
    • Instruction Fuzzy Hash: BFA16436619F85C5DAB0CB19E49036AA7A4F7C9F94F504626DACDC3B64EF3CD1498B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF4BB0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 171COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAF4C2A
      • Part of subcall function 00007FF61FAF0138: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF0184
      • Part of subcall function 00007FF61FAF0138: std::current_exception.LIBCMTD ref: 00007FF61FAF0198
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_char_traitsstd::_std::current_exceptiontype_info::_name_internal_method
    • String ID: error$error$name$name$returnValue$success
    • API String ID: 2104267060-89608102
    • Opcode ID: e6716013631cc2abeb1996764fac5302a01f67b976a2667d3998002def2f1322
    • Instruction ID: fc16de31a192671242bad2a5950a19919b147c79e08c41147262cfed80560cdc
    • Opcode Fuzzy Hash: e6716013631cc2abeb1996764fac5302a01f67b976a2667d3998002def2f1322
    • Instruction Fuzzy Hash: A891C77261DEC291DA70DB15E4503EEB3A0FBC5B90F405236EA8D86B6AEF6DD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB11658 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 168COMMON
    Download Yara Rule
    APIs
    Strings
    • window.external.invoke = s => window.external.notify(s), xrefs: 00007FF61FB11951
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_SchedulerScheduler::_atomic$CreateDecorator::getEventHandlesMultipleTableTypeWait
    • String ID: window.external.invoke = s => window.external.notify(s)
    • API String ID: 893825665-1083136455
    • Opcode ID: 4e0ba8d904a7916eded7f1ee0c502c4c5d519123d0b9e38cee40bb82e9ebe328
    • Instruction ID: dcdfce766314d642721c7284004aba879c7942ea5493e73b36c6155d42083dba
    • Opcode Fuzzy Hash: 4e0ba8d904a7916eded7f1ee0c502c4c5d519123d0b9e38cee40bb82e9ebe328
    • Instruction Fuzzy Hash: B781E472609EC591DA70EB14E4513EEB361FBC6B90F804132E68DC3BAADE6CD549CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE9040 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 164COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAE90BA
      • Part of subcall function 00007FF61FAE4BA4: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAE4BCF
      • Part of subcall function 00007FF61FAE4BA4: bool_.LIBCPMTD ref: 00007FF61FAE4C4B
      • Part of subcall function 00007FF61FAE4BA4: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAE4CBB
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalFac_nodeFac_node::_Lock::_ReentrantScoped_lockScoped_lock::_bool_char_traitsstd::_type_info::_name_internal_method
    • String ID: error$error$path$path$returnValue$success
    • API String ID: 2577315101-1693334514
    • Opcode ID: 342944b3c37ff9074a286e542f2e56650a9e032501ffd6be2ec43525b6341b90
    • Instruction ID: 6e3edb589d5088fd5e8605e1c4e63141e7eb674176dd6f772982fdd03143bb15
    • Opcode Fuzzy Hash: 342944b3c37ff9074a286e542f2e56650a9e032501ffd6be2ec43525b6341b90
    • Instruction Fuzzy Hash: FA91C63261DFC590DA60DB55E4403EAB3A0FBC9B90F405236EA8D83A6AEF3CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1E0B4 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 140COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Work$Base::CallContextEmptyFunction0IdentityMemberQueueQueue::Structured
    • String ID: ) [valid$ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $Configuration value not a valid integer [$] WITH MESSAGE "
    • API String ID: 2534137197-706819359
    • Opcode ID: 91666dc8c15d0288a0c51255de94a459e2304b58e6047e923ad8af0655160e76
    • Instruction ID: 45676e88c40224b7d606b2507e17e7e9be6101755cb03e901eb2edce0ca8ef90
    • Opcode Fuzzy Hash: 91666dc8c15d0288a0c51255de94a459e2304b58e6047e923ad8af0655160e76
    • Instruction Fuzzy Hash: 7871EA2660DEC185EA60DB15F4513AEB7A0FBC5BA0F405236EACD87B6ADE2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA61960 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 130COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF61FA619A9
    • Concurrency::details::_TaskProcThunk::_TaskProcThunk.LIBCPMTD ref: 00007FF61FA61B02
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA621E6
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA57A0C: Concurrency::cancellation_token::_FromImpl.LIBCPMTD ref: 00007FF61FA57A8C
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Concurrency::details::_EmptyProcQueue::StructuredTaskWork$Concurrency::cancellation_token::_ExceptionFileFromHeaderImplRaiseSchedulerScheduler::_ThunkThunk::_char_traits
    • String ID: ' is invalid$JSON patch must be an array of objects$operation value '$path
    • API String ID: 2759097622-4025790174
    • Opcode ID: 8ee564670bff784054c4fec3b3386419699ffb14632648454315079a59b8941e
    • Instruction ID: 98b9431f3464059bf2d23e5eb09843b0c6b0b4d450070010e54bd76452f025e7
    • Opcode Fuzzy Hash: 8ee564670bff784054c4fec3b3386419699ffb14632648454315079a59b8941e
    • Instruction Fuzzy Hash: D8610F7251DDC6D1EA71DB14E4912EEB360FBD5B64F802132E68DC29AAEE3CD509CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA20D4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AddressFreeLibraryProc
    • String ID: api-ms-$ext-ms-
    • API String ID: 3013587201-537541572
    • Opcode ID: 7b850dd0c99e3b387ec5715ec2609694d9892370dbe29c966cdf14d62b2828ff
    • Instruction ID: d84b6f43536fdaac386749ccee2168d3254f00de632e6daa3a114f4e19b8de37
    • Opcode Fuzzy Hash: 7b850dd0c99e3b387ec5715ec2609694d9892370dbe29c966cdf14d62b2828ff
    • Instruction Fuzzy Hash: C041D221B19F5281FA26DB16A8006B523D5BF4AFF0F494136DE1ECB7A8EE3CE4459304
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB380E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ByteCharMultiWide$Concurrency::details::_CriticalErrorLastLock::_ReentrantScoped_lockScoped_lock::~_std::runtime_error::runtime_errortype_info::_name_internal_method
    • String ID: UTF16 to UTF8 failed with error code:
    • API String ID: 2942305662-1485511019
    • Opcode ID: 4449f8feea34d3e77afa3fadf641a4c73e92f45b9b83dedd52755464de62bbfb
    • Instruction ID: 38aebf9e464ae0d7fe5e3c6a25e6ee270c2adb6616da0ca9ed9ef346e32e4bf6
    • Opcode Fuzzy Hash: 4449f8feea34d3e77afa3fadf641a4c73e92f45b9b83dedd52755464de62bbfb
    • Instruction Fuzzy Hash: B6513C7260CE8186E760EB25E4513AAB7B1FBC5B60F504236E6CD87AA9DF3DD444CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA55794 Relevance: 12.2, APIs: 8, Instructions: 218COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
    • String ID:
    • API String ID: 1755220593-0
    • Opcode ID: e35dcace567945024377b0ba3bb37792aae0737d4edb013e7e9f0a1ce025d32c
    • Instruction ID: 7babbb5f7b1351ca695d295bade00029efe6b63f39bd4a91c5fda5785e2176e4
    • Opcode Fuzzy Hash: e35dcace567945024377b0ba3bb37792aae0737d4edb013e7e9f0a1ce025d32c
    • Instruction Fuzzy Hash: AFB1B566608BC5C5DA60CB16E4903AAB7A0FBC5F98F418126DECDC7B6ADF6CD444CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA85AFC Relevance: 10.7, APIs: 7, Instructions: 238COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA85F8F
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 1865873047-0
    • Opcode ID: 1e1f1b5921bf17217a14e340e8fd6fbec1ba02f49a10652a2304e78b385ecf22
    • Instruction ID: abc7d7418790d074569aa55227a3f2efd7229ae39ee66c03a617ea5d85c4fdc1
    • Opcode Fuzzy Hash: 1e1f1b5921bf17217a14e340e8fd6fbec1ba02f49a10652a2304e78b385ecf22
    • Instruction Fuzzy Hash: 1CC1DE6250DEC6E1DA71DB15E4502EEB370FBD8B60F805232E6CDC6AA9DE2CD549DB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA854AC Relevance: 10.7, APIs: 7, Instructions: 227COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA85917
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 1865873047-0
    • Opcode ID: bf6aabc04cb75009454c527d9dc91a023d7a65fd15a8fa025a77a791c55ee8c7
    • Instruction ID: 1532f05ae6d185e3a416698949f3b63bbd3c09860c6d0fcb72d4b457e52fff87
    • Opcode Fuzzy Hash: bf6aabc04cb75009454c527d9dc91a023d7a65fd15a8fa025a77a791c55ee8c7
    • Instruction Fuzzy Hash: D5C1DC7650CEC2D4DA31DB15E4512EEB760FBC4BA0F804232EACD87AAADE6CD505DB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF8214 Relevance: 10.7, APIs: 7, Instructions: 156windowCOMMON
    Download Yara Rule
    APIs
    • _Init_thread_footer.LIBCMT ref: 00007FF61FAF82B2
    • shared_ptr.LIBCPMTD ref: 00007FF61FAF82C1
    • LoadIconW.USER32 ref: 00007FF61FAF83EB
    • EnumResourceNamesW.KERNEL32 ref: 00007FF61FAF8426
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAF846B
      • Part of subcall function 00007FF61FAEECA8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAEECEC
      • Part of subcall function 00007FF61FAEECA8: MultiByteToWideChar.KERNEL32 ref: 00007FF61FAEED18
      • Part of subcall function 00007FF61FAEECA8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAEED4A
      • Part of subcall function 00007FF61FAEECA8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAEED6D
      • Part of subcall function 00007FF61FAEECA8: MultiByteToWideChar.KERNEL32 ref: 00007FF61FAEED9A
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAF84D7
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    • Shell_NotifyIconW.SHELL32 ref: 00007FF61FAF852B
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharIconMultiWide$EnumInit_thread_footerLoadNamesNotifyResourceShell_shared_ptr
    • String ID:
    • API String ID: 3120313186-0
    • Opcode ID: c28cc56aeb748623343241bfdc2e961e9a4cbcd6bf04ecf87c57238cea4c0bc9
    • Instruction ID: 24dd72fb4ef9642c67f45414381fcb89fc348f19ef0254a18c2eb38957314140
    • Opcode Fuzzy Hash: c28cc56aeb748623343241bfdc2e961e9a4cbcd6bf04ecf87c57238cea4c0bc9
    • Instruction Fuzzy Hash: 35812D7191CE82C2EA64EB11F8517AE77A0FB84BA0F504235D68DC76A6DF7CE504DB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF1A18 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 149COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAF1A8F
      • Part of subcall function 00007FF61FAF04C8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAF04FB
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Fac_nodeFac_node::_char_traitsstd::_
    • String ID: error$key$key$returnValue$success
    • API String ID: 1064701583-2620908785
    • Opcode ID: 88d8c096760974de6f2fdc1e59072253bf92ae15e5ceb22de47ffcad5ca3f337
    • Instruction ID: af8d11fb655623f52359b8394beca6a0a9f73aee1cf0da2cd5be00c8bc5ae45a
    • Opcode Fuzzy Hash: 88d8c096760974de6f2fdc1e59072253bf92ae15e5ceb22de47ffcad5ca3f337
    • Instruction Fuzzy Hash: C781E67261DFC591EA60DB15E4403EAB3A0FBC5B90F405236EA8D86B6AEF2DD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF16D4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 147COMMON
    Download Yara Rule
    APIs
    • _Ptr_base.LIBCMTD ref: 00007FF61FAF1712
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAF1748
      • Part of subcall function 00007FF61FA2D984: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA2D997
    • bool_.LIBCPMTD ref: 00007FF61FAF1773
      • Part of subcall function 00007FF61FA62358: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA6249C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Ptr_baseQueue::ReentrantScoped_lockScoped_lock::_StructuredWorkbool_type_info::_name_internal_method
    • String ID: pid$returnValue$success
    • API String ID: 2806971699-541098384
    • Opcode ID: cc63d48dd111c96480ae9425f90002646dd2bfa0c3ea4b79821340619740f304
    • Instruction ID: 5a55ce9d7e79685a9c15309035bdfe2e71c01233aa60832b8805853d26e3a2ee
    • Opcode Fuzzy Hash: cc63d48dd111c96480ae9425f90002646dd2bfa0c3ea4b79821340619740f304
    • Instruction Fuzzy Hash: 4181B72660DFC590DA60DB15E4903EAB3A4FBC5B90F405232E68D83B6AEF6DD549CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE09CC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 131COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_std::_$Cursor
    • String ID: returnValue$success
    • API String ID: 3007525212-1204738907
    • Opcode ID: 93ca88cfd9783c7a131fb36d489ae3e244f78455ea82f6fb7dfb5bb378120fea
    • Instruction ID: 7b7481e68fc85bee63f084b7b063b5c6817855774c8c613ab0c387b29747c45b
    • Opcode Fuzzy Hash: 93ca88cfd9783c7a131fb36d489ae3e244f78455ea82f6fb7dfb5bb378120fea
    • Instruction Fuzzy Hash: EE61E972A0DEC591DA60DB55E4413EAB360FBC5754F809232E6CD83A6AEF7CD649CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB5DD18 Relevance: 10.6, APIs: 7, Instructions: 121threadCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CurrentThread$xtime_get
    • String ID:
    • API String ID: 1104475336-0
    • Opcode ID: d46ebe4e64446f6755c11da960ece1b6675cac3fe63e46a7421dcaba9484f126
    • Instruction ID: 7ea531f7bddefa1f5dad8c1bd6094485e361998840f347959b6394ff1dea0207
    • Opcode Fuzzy Hash: d46ebe4e64446f6755c11da960ece1b6675cac3fe63e46a7421dcaba9484f126
    • Instruction Fuzzy Hash: 3C510832A0CE5686EB70CF25D45427963A0FB5AFA4F544232DA4EC66B4DF3DE886C701
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE4BA4 Relevance: 10.6, APIs: 7, Instructions: 121COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorVirtual$Concurrency::Concurrency::details::Concurrency::details::_CriticalEventListLock::_NodeNode::ReentrantResetRootRoot::SafeScoped_lockScoped_lock::_SweepWaitbool_shared_ptrtype_info::_name_internal_method
    • String ID:
    • API String ID: 251482559-0
    • Opcode ID: a2068760ca2132837af2f4c8f19fd29c3cc91223d57d9e771257623ca29e5be8
    • Instruction ID: 0f1c1e904e8ec723d3d7beae587ef9830331cbb4e76950d65c5b808f5561dfb9
    • Opcode Fuzzy Hash: a2068760ca2132837af2f4c8f19fd29c3cc91223d57d9e771257623ca29e5be8
    • Instruction Fuzzy Hash: 2A51F936A1DE86C1E660DB15F4503AAB3A4FBC5B90F401136E68D87BAADF7CD444CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC89D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 115COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAC8A93
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWorkchar_traits
    • String ID: Content-Length$HTTP message body too large$Transfer-Encoding$chunked
    • API String ID: 4237134982-3172885045
    • Opcode ID: e1cde08d06ac50cd30c607bd4f5da2996e03f3d303595f31a77c9e8cd1fed73d
    • Instruction ID: 772f86275d1774089d99e9629840c88a2b5e948bf2075cac5b3a697a9f444787
    • Opcode Fuzzy Hash: e1cde08d06ac50cd30c607bd4f5da2996e03f3d303595f31a77c9e8cd1fed73d
    • Instruction Fuzzy Hash: DB510C7260DE82D1EA60DB15E4913EE7360FBC5BA0F405132EA8D87BAADF6CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAB8CF8 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 112COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Base::Concurrency::details::ContextIdentityQueueWork
    • String ID: D:\a\neutralinojs\neutralinojs\lib\asio\include\asio/detail/hash_map.hpp$it != values_.end()$num_buckets_ != 0
    • API String ID: 3821010759-3660546434
    • Opcode ID: 1feac661f03239ac57ef220b34a63bdde5b52270252458d949f73d1eb070d6da
    • Instruction ID: 43bdcb090c69af9f4e122fc8c75993287139b4db1590e78fef7ca80425a3a351
    • Opcode Fuzzy Hash: 1feac661f03239ac57ef220b34a63bdde5b52270252458d949f73d1eb070d6da
    • Instruction Fuzzy Hash: B3512E66618E45C1DB20DB29E49116AB7A0FBC8FD4F544236EB8E87779DF2DC542CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA457E8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 109COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$m_object != nullptr
    • API String ID: 2025160788-936386488
    • Opcode ID: 17511c42c3abb5aa1765e7d0a1de69d6330cbbe9e6f014a33fe9c21cb3e5dcb1
    • Instruction ID: 0f81560b9a381a661ba567dd943bf1eafeda0342951f75d75d7dd9b18b3d264c
    • Opcode Fuzzy Hash: 17511c42c3abb5aa1765e7d0a1de69d6330cbbe9e6f014a33fe9c21cb3e5dcb1
    • Instruction Fuzzy Hash: 77413036608A85CADE60C749E45422AB3A1FBC4BE4F844636E6CDC3BA9DF7CD554CB04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB3D564 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$DirectorySystem$type_info::_name_internal_method
    • String ID: \kernel32.dll
    • API String ID: 2223124781-2373423461
    • Opcode ID: beb315e90ba6d2d38e5682e818db90a1195a9798cdc8d9a331f01352c5efdb38
    • Instruction ID: 3e08f7f294dea6e101dc372cb5943b4791a34d9f7aa49932a6b3ae0ce610ce80
    • Opcode Fuzzy Hash: beb315e90ba6d2d38e5682e818db90a1195a9798cdc8d9a331f01352c5efdb38
    • Instruction Fuzzy Hash: C6412072608A8596EB20DB29E4513AEB7A1FBC5B94F504132F68DC3BA9DE3CD545CF00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAACC40 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 99libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AddressErrorHandleLastModuleProcstd::make_error_code
    • String ID: CancelIoEx$KERNEL32
    • API String ID: 2532571285-434325024
    • Opcode ID: 77c21ee25c5293498b0ef3c9d789a6c73a2cfcf9f115fb2885d76a71840d11ec
    • Instruction ID: 50595a7eaa86af74ec906d80f4df5e51e9f8706bdd75d71094e9962381371d02
    • Opcode Fuzzy Hash: 77c21ee25c5293498b0ef3c9d789a6c73a2cfcf9f115fb2885d76a71840d11ec
    • Instruction Fuzzy Hash: 4451EC66A0CF85C1EA60DB15E44036AB3A5FBC5B94F508231EACD83B69DF3CD545CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA1DEF4 Relevance: 10.6, APIs: 7, Instructions: 92threadCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_Token$Atomic_long::operator=CancellationContainer::removeCriticalCurrentLock::_ReentrantRegistrationScoped_lockScoped_lock::_State::Threadatomic_compare_exchangestd::_
    • String ID:
    • API String ID: 3301620572-0
    • Opcode ID: eb0f49b58204e0646d75b03944c63e1aaee39604a4e7f7f1a81e294f5f9cca53
    • Instruction ID: 930c511d778dedbea045c23a6edb375fe822a76ad31df4bd7eea315130919382
    • Opcode Fuzzy Hash: eb0f49b58204e0646d75b03944c63e1aaee39604a4e7f7f1a81e294f5f9cca53
    • Instruction Fuzzy Hash: B9415F22A0CA81C1EA709B15E05126EB3B0FB81B98F814236E6CDC7B9ADE3CD545CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE9856 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_std::_$shared_ptr
    • String ID: path$returnValue
    • API String ID: 298425905-4294882691
    • Opcode ID: b80527fa18263e170ca627d53574cdb162403a9376335b59b6d89c46291fe50d
    • Instruction ID: 15535f814c7fcd2a154a3c0ad725b87f4047400cf6146da770061799b67cb5fe
    • Opcode Fuzzy Hash: b80527fa18263e170ca627d53574cdb162403a9376335b59b6d89c46291fe50d
    • Instruction Fuzzy Hash: 31413422A1DEC6D0E631EB15E4512EE6360FFD5750F809232E6CD93AABEE2CD645C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA606C0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Mailbox
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$m_plus.e == m_minus.e$m_plus.e == v.e
    • API String ID: 1763892119-2812477419
    • Opcode ID: 2e516d35c8b296079944ece16389123a5e028d3ed97a3ef0e218f36ced9ba87a
    • Instruction ID: cb1302afa0e3f87c9cbe9e3972e313ba229e6ec4cec1bfa33a0a8ff48aab98dd
    • Opcode Fuzzy Hash: 2e516d35c8b296079944ece16389123a5e028d3ed97a3ef0e218f36ced9ba87a
    • Instruction Fuzzy Hash: C5413D72A1CBC685DA70DB15E4517EAB360FBC9B90F409226EACD83B59DF2CD544CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA61E3B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::_TaskProcThunk::_TaskProcThunk.LIBCPMTD ref: 00007FF61FA61EF3
      • Part of subcall function 00007FF61FA5AFF8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA5B028
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA61F77
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA621E6
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA61E50
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA5B640: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA5B6AF
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ProcTask$Concurrency::details::_ThunkThunk::_char_traitstype_info::_name_internal_method
    • String ID: copy$from
    • API String ID: 844164711-3866517586
    • Opcode ID: 88d938e059dec70dc0d6afa592c3eaf1b0ba637c8e91f704002e1db8a4dc7d59
    • Instruction ID: b23723479a1c5a3cb7227ebddf4e8637d09238843b28e698f59daa3ddf8005a6
    • Opcode Fuzzy Hash: 88d938e059dec70dc0d6afa592c3eaf1b0ba637c8e91f704002e1db8a4dc7d59
    • Instruction Fuzzy Hash: B831E37265DDC6E1DA70E754E4912EE6334FBD1764F815132E28DC3AAAEE2CD608CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF0020 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 68COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAEDD60: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAEDD78
      • Part of subcall function 00007FF61FA265C8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA265DB
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF00A9
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$type_info::_name_internal_method
    • String ID: exit$stdIn$stdInEnd
    • API String ID: 1713118446-3504127404
    • Opcode ID: b6f9d316bfefbb80fe7bab3dea1050d567583dd07790a61e0a07b27fad57d98d
    • Instruction ID: 11c11219bb27b96040d77c1b0a18a9d3d2ed6fd643141199a3002d46810194e9
    • Opcode Fuzzy Hash: b6f9d316bfefbb80fe7bab3dea1050d567583dd07790a61e0a07b27fad57d98d
    • Instruction Fuzzy Hash: 92210B61A1DF46D1EE60DB16F89107E63A1FF85BA0F405132E98DCB7AADE2CE1059700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA1614 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: 82ea214cd0d447671409f95d5ec01030ed654495c9e5f72a00eeff49ee526a0c
    • Instruction ID: 81c516789dacf4990b255861fe7f781c84b022f7d1aa2814d22796942e7bc961
    • Opcode Fuzzy Hash: 82ea214cd0d447671409f95d5ec01030ed654495c9e5f72a00eeff49ee526a0c
    • Instruction Fuzzy Hash: 38219F20A0DE4242FAB9A735A95507953D2AF46FF0F082734D93EC7AE6DE6CB4419B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD83B4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 61COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
    • String ID: GET$HTTP/1.1$Sec-WebSocket-Key
    • API String ID: 1244214244-2908456682
    • Opcode ID: d2219ceccd31e3c61cfe382d9e36abe72428893c9665b7e28910bce04bd3a99d
    • Instruction ID: a719f1d51431f003c35ddd392295dd3bf9101bdafefaa59373639e03286512ea
    • Opcode Fuzzy Hash: d2219ceccd31e3c61cfe382d9e36abe72428893c9665b7e28910bce04bd3a99d
    • Instruction Fuzzy Hash: 9421FE61A0CE46C1EA10EB15E45117E6764EFC5FE0F904131EACDCB6AADF2CE542DB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBB40D4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586
    • Opcode ID: 4a33c4027ff6c69e3dbf622681ceb9328846a7e9577f6315223c1bdcad044dd9
    • Instruction ID: 35120f6fa157340889a5fd9a437da7adb2f865b1adc6e62ecd1dafecc4f21e14
    • Opcode Fuzzy Hash: 4a33c4027ff6c69e3dbf622681ceb9328846a7e9577f6315223c1bdcad044dd9
    • Instruction Fuzzy Hash: 18115E32B18E4186E7608B56E884329A7A4FB99FF8F444234EA5DC77A4CF3CD8448744
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB24D70 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Base::Concurrency::details::ContextIdentityQueueWork
    • String ID: TRUE$true
    • API String ID: 1908928771-406173685
    • Opcode ID: cfcac6fb0c2467cf7024193e25cc6ff35d3149aab8660596af4fb3c6e5baa971
    • Instruction ID: ada3b60df1f8f9ed4a062c14207b4f900ec21e80c3173045da6ac1cec489059c
    • Opcode Fuzzy Hash: cfcac6fb0c2467cf7024193e25cc6ff35d3149aab8660596af4fb3c6e5baa971
    • Instruction Fuzzy Hash: 8B015266A0CA42C0E630DB26E41017977B0FFC6BA4F504171EACCC6667DF2DE505CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB60ABC Relevance: 9.2, APIs: 6, Instructions: 240COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ByteCharMultiWide$CompareInfoString
    • String ID:
    • API String ID: 2984826149-0
    • Opcode ID: a7429a7d49bb034ff1e5444122ae0dfa968ee2a739dc1f9329769be72387a81c
    • Instruction ID: 4f07966f3ea965641a0f20b1bd4358fc2137c26807478809318ef2fca6034a29
    • Opcode Fuzzy Hash: a7429a7d49bb034ff1e5444122ae0dfa968ee2a739dc1f9329769be72387a81c
    • Instruction Fuzzy Hash: F0A1A362B09AC246FB718B2685503BA67A1EF46FF8F584235EA5D86BC5DF7CE444C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAB44B4 Relevance: 9.2, APIs: 6, Instructions: 229COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Reentrant$AcceptConcurrency::details::_Decorator::getLockLock::_SockaddrsTableTypestd::make_error_codetask
    • String ID:
    • API String ID: 2697402509-0
    • Opcode ID: 47b0e06ba722fb7db068ff9f35f7f615668fd4c8b82dade1717d62fd90ac6184
    • Instruction ID: a9b71471ed92c432dd99525acd1545e45aedc8f8ee1f3ba8e2d13e90fc3e5fc5
    • Opcode Fuzzy Hash: 47b0e06ba722fb7db068ff9f35f7f615668fd4c8b82dade1717d62fd90ac6184
    • Instruction Fuzzy Hash: ADC1C372609FC5C6DA60DB55E4913AAB3A0FBC5B90F404236EA8D83B6ADF7CD455CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAB3FE8 Relevance: 9.2, APIs: 6, Instructions: 229COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Reentrant$AcceptConcurrency::details::_Decorator::getLockLock::_SockaddrsTableTypestd::make_error_codetask
    • String ID:
    • API String ID: 2697402509-0
    • Opcode ID: 52a53b5031fd4423b097fcef45f7006ad84c2a735aea5bd0d8e31360f71a6254
    • Instruction ID: 5650525eaad7297562bd9cb9688fb5799e2b2107451bb2008bdbcf29714e5976
    • Opcode Fuzzy Hash: 52a53b5031fd4423b097fcef45f7006ad84c2a735aea5bd0d8e31360f71a6254
    • Instruction Fuzzy Hash: 42C1C372609FC586DA60DB55E4913AEB3A0FBC5B90F404236EA8D83B6ADF7CD445CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB60E24 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ByteCharMultiStringWide
    • String ID:
    • API String ID: 2829165498-0
    • Opcode ID: 07afe4dc8003972b2578aec427119d86097fd3fb27a624b9ed36fb09b08c53ca
    • Instruction ID: 97cbbcddcbf4b734d7e946e130c858ac51582842a062bcb5cd5382d9a0b8dbdb
    • Opcode Fuzzy Hash: 07afe4dc8003972b2578aec427119d86097fd3fb27a624b9ed36fb09b08c53ca
    • Instruction Fuzzy Hash: 4A815F72A09BC286EB308F62D440769A7A5FB46FB8F144235EA5D97BD4DF3CD4458700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA38C14 Relevance: 9.2, APIs: 6, Instructions: 160COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ListSafe$Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWorkchar_traitsfposstd::bad_exception::~bad_exception
    • String ID:
    • API String ID: 3040894829-0
    • Opcode ID: f1f6596b9719115a53935c8f2f1e4c98e9e1020e84b99558eb08257825f0d3db
    • Instruction ID: 0c9ea2faa224aa60b2539aa93c6e0dd79da3c7cdb96bb3321faa957c89c6699e
    • Opcode Fuzzy Hash: f1f6596b9719115a53935c8f2f1e4c98e9e1020e84b99558eb08257825f0d3db
    • Instruction Fuzzy Hash: 3681EB6260DE86D5EA70DB14E4953EEB3A0FBC5794F404236E68D83BAADF2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC8D34 Relevance: 9.2, APIs: 6, Instructions: 154COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$Ptr_basestd::error_condition::error_condition
    • String ID:
    • API String ID: 1776980690-0
    • Opcode ID: 0efd5412a316eea4ae26bf66389ba755be20303a89d4338b172d9fb939973d5b
    • Instruction ID: 90dcb37e13e799c3beab68e645d9e972fbc2faa34087809c9937ee18b2e43d18
    • Opcode Fuzzy Hash: 0efd5412a316eea4ae26bf66389ba755be20303a89d4338b172d9fb939973d5b
    • Instruction Fuzzy Hash: D571092660DAC2C1EA709B15E4913EEB760FBD5B90F404132EACD87BAADF6CD445DB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAB039C Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 385COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID: Content-Length$Incomplete Request$Maximum header size exceeded.$Unable to parse Content-Length header
    • API String ID: 0-1552768723
    • Opcode ID: cf8a7d2ac32edf6675ce9f27607a4d6cde88772f64aec4f7d0bd34d5f88c91a0
    • Instruction ID: 2f89a345e7ec319df17530c2885c52f222314d5a03d72c614ae839be8ee4d803
    • Opcode Fuzzy Hash: cf8a7d2ac32edf6675ce9f27607a4d6cde88772f64aec4f7d0bd34d5f88c91a0
    • Instruction Fuzzy Hash: 4322A272619FC5C5DA60DB15E4913EBB3A4FB85B90F405136DA8D87BAAEF2CD144CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB7BF74 Relevance: 9.1, APIs: 6, Instructions: 108COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: 89fbfc86d1b2ec57344e17c358113c2566a0d4e5929576aa3ab346472350cbf1
    • Instruction ID: 1dbc1b001a0c64700772ec2a7782245d5eef7690598b1d51e7dfe6ee79b674a4
    • Opcode Fuzzy Hash: 89fbfc86d1b2ec57344e17c358113c2566a0d4e5929576aa3ab346472350cbf1
    • Instruction Fuzzy Hash: 8F416B62A08E4682EA25DB26E8501B96361FF86FF4F084236DA5DC77E5DF3CE452C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB64928 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: 93b301c34c00b82c6ec8233a1e94ed9bd5dbbbb4b2b232b5335f09dc72547d19
    • Instruction ID: 398038104a3986c59ed101ce6b39bc5ff717c63922be7f0fd5cd1ff6ba043f6e
    • Opcode Fuzzy Hash: 93b301c34c00b82c6ec8233a1e94ed9bd5dbbbb4b2b232b5335f09dc72547d19
    • Instruction Fuzzy Hash: 43418162A09E86C5FB25DB65E8405796361EF86FB4F180232EE5D876E5DF3CE441C310
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAB0FF0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 347COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Ptr_baseshared_ptr$Decorator::get$CallConcurrency::details::_CriticalIndexLock::_Move_construct_fromReentrantScoped_lockScoped_lock::_TableType
    • String ID: create_connection
    • API String ID: 931779927-985317762
    • Opcode ID: a62c36a2777cd9230c739bb9a18921730c3fca08ac737abe34b2c03e7ecdc661
    • Instruction ID: 5175df3fd630e128d293a09473b32d3f7b82a8cb1f796fa1f41a0206dd007d17
    • Opcode Fuzzy Hash: a62c36a2777cd9230c739bb9a18921730c3fca08ac737abe34b2c03e7ecdc661
    • Instruction Fuzzy Hash: 1A12B372619FC185DA70DB05E8813EBB3A4FB88B94F405136EA8D87B5AEF3CD5548B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA08B48 Relevance: 9.1, APIs: 6, Instructions: 84COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: char_traits$Concurrency::details::EmptyQueue::StructuredWork$AllocateMax_valueMin_valueallocatorwmemset
    • String ID:
    • API String ID: 3922756451-0
    • Opcode ID: e2cb7adff6f363095a5f0591c5b88b341641c89ea3707065bd59a3715c8438fd
    • Instruction ID: cb347e88c160164c12a6e0a10a0723c0e35368847e88e29ed16b50834526c14c
    • Opcode Fuzzy Hash: e2cb7adff6f363095a5f0591c5b88b341641c89ea3707065bd59a3715c8438fd
    • Instruction Fuzzy Hash: AD41CA26618F85C1CA60DB26F49116AB7A0FBC9BA4F500226EA8D83B69DF3CD151CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB64810 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: 588b9df2a85ca68a523df5c44226e4f12c52acc56285be0f93f353c85231aecf
    • Instruction ID: 3a9ff67a3b796ae6184df95d14714baa80593f2bcb66bf5cbc3d505ca09efc1d
    • Opcode Fuzzy Hash: 588b9df2a85ca68a523df5c44226e4f12c52acc56285be0f93f353c85231aecf
    • Instruction Fuzzy Hash: 51316122A0CE8A85FB25DB65E8401796762EF46FB4F080231EE0DC76E5DE7CE446D710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB646F8 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: 34ca4a9587506b7960cab940036114c8a89eb8d0caf5cb13ef6e443e2b37fad1
    • Instruction ID: 57a9d39987e4fc9f1d1ee9e5a35f00a2b4abe76d2f93c14a35dfa5fbf4640f6b
    • Opcode Fuzzy Hash: 34ca4a9587506b7960cab940036114c8a89eb8d0caf5cb13ef6e443e2b37fad1
    • Instruction Fuzzy Hash: 9D316425A0DE86C5FA25DB65E4401796362EF56FB4F081232EA1D87BA5DF3CE442D300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB645E0 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: a4432f199013ddc4e494f596045fe8e8e099e6845bec95618a0a8ef3dbbe3dc2
    • Instruction ID: 7c7b9fed6e5ad1153a8f95ccb411bf99783ec4732d07444891751f5d7d777ad9
    • Opcode Fuzzy Hash: a4432f199013ddc4e494f596045fe8e8e099e6845bec95618a0a8ef3dbbe3dc2
    • Instruction Fuzzy Hash: BB318226A09E8A81FA25DB65E8401796762EF46FF4F080231EE1DC76A5DF7CE452D700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB644C8 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: d2ee62c4328f89411c471f56d70b294c856145defe512c61cee6e36e0d47cc74
    • Instruction ID: 83409ebc8fc45f4d8763181b4ef9111bae70053797532bd8f61e480fdfc2e109
    • Opcode Fuzzy Hash: d2ee62c4328f89411c471f56d70b294c856145defe512c61cee6e36e0d47cc74
    • Instruction Fuzzy Hash: CC316E22A0DE86C1FA25DB65E8401B96362EF45FB4F081232EA1DC77A5DF7CE442D710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB643B0 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: fe29c712c360bcbebc4bba35d656baf43d0362e4c5e9ae78398787648e3dd529
    • Instruction ID: 96bdd26432d3bb8c86b53aa2180027c61c8abea938fb3c21afacb9cfe1703c29
    • Opcode Fuzzy Hash: fe29c712c360bcbebc4bba35d656baf43d0362e4c5e9ae78398787648e3dd529
    • Instruction Fuzzy Hash: EA316122A0DE8681FB25DB65E8411796762EF45FB4F081131EE4DC77A9DE3CE446D310
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB64298 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: 69d794b69b58bb2fd9ec3fddec2f6d55f7ed4c1edb29d8fa6858a9beaf038e6f
    • Instruction ID: 454b8c0a002d169c597fc75cae9d1900fcaeaf76f01970aadf34946023d2b932
    • Opcode Fuzzy Hash: 69d794b69b58bb2fd9ec3fddec2f6d55f7ed4c1edb29d8fa6858a9beaf038e6f
    • Instruction Fuzzy Hash: D8315022A08E86C5FB25DB65E4401BA6762EF45FB4F081632EE1DC76A5DF3CE442D300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAA5A24 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 312COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::ios_base::getloc$Mpunctstd::ios_base::width
    • String ID: @
    • API String ID: 2140681555-2766056989
    • Opcode ID: f4ac884b307051ab80d2dcbcaf4be5b3a852fffe3a9fc5f733cc5a66327535ba
    • Instruction ID: 8d10a274df30872d56de25f61594b94ab5b10016bf9e25614cdff8d596dc5779
    • Opcode Fuzzy Hash: f4ac884b307051ab80d2dcbcaf4be5b3a852fffe3a9fc5f733cc5a66327535ba
    • Instruction Fuzzy Hash: C602D532A1CFC584DA618B15E4943AEB7A0F7C9B94F405222DACD83B6ADF7CD185CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA11890 Relevance: 9.1, APIs: 6, Instructions: 58COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacet__int64std::locale::_
    • String ID:
    • API String ID: 2644824941-0
    • Opcode ID: 30a502a024c683a4f55caff520b7fb78dc8575428839212462a1ec33f74e9c8b
    • Instruction ID: 4bb6a4e7d7046bfd0ae9bdd60249bdb75abddf4d4e3c59f4f19f9fe609b7b529
    • Opcode Fuzzy Hash: 30a502a024c683a4f55caff520b7fb78dc8575428839212462a1ec33f74e9c8b
    • Instruction Fuzzy Hash: 0D21CA26A1DE45C1DA60DB25E48126AB7B4FBC5BB4F501232F69E83BB9DE2CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA8D73C Relevance: 9.1, APIs: 6, Instructions: 58COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacet__int64std::locale::_
    • String ID:
    • API String ID: 2644824941-0
    • Opcode ID: bb8dd21b209c754bdee0e0634d6239fcc6407e597c34c5312c9c741f2f69e06e
    • Instruction ID: 96429db3f8503aa739d2b052bc53ea4dd86e84a76e889b281ff21524f15a914f
    • Opcode Fuzzy Hash: bb8dd21b209c754bdee0e0634d6239fcc6407e597c34c5312c9c741f2f69e06e
    • Instruction Fuzzy Hash: E8210C22A1DE85C1DA60DB15F49026AB7B0FBC4BB4F501232F68E83BB9DE2CD5448B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA1178C Relevance: 9.1, APIs: 6, Instructions: 58COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacet__int64std::locale::_
    • String ID:
    • API String ID: 2644824941-0
    • Opcode ID: 2101ae00dfde80e4adc35e3ab046843de0acac84f6684b29b027f80b73d98059
    • Instruction ID: ae3a9ec41ed1480deeeec6c7514f617d76bed2a6cc2d2c4fa7c8cdb5cc448843
    • Opcode Fuzzy Hash: 2101ae00dfde80e4adc35e3ab046843de0acac84f6684b29b027f80b73d98059
    • Instruction Fuzzy Hash: D321EA22A1DE45C1DA60DB25E48026AB7B4FBC5BB4F505232F68E83BA9DE3CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA8D638 Relevance: 9.1, APIs: 6, Instructions: 58COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacet__int64std::locale::_
    • String ID:
    • API String ID: 2644824941-0
    • Opcode ID: 90b4c06eb89ef06bcd00b0ca9534380b12878af948d38f0b621f14b3fc6a0f71
    • Instruction ID: 8762820e1c459cc7ea5f373b37169016e0384cd55b8fbd8617fef577dd0e7abd
    • Opcode Fuzzy Hash: 90b4c06eb89ef06bcd00b0ca9534380b12878af948d38f0b621f14b3fc6a0f71
    • Instruction Fuzzy Hash: DB21EA2691DE85C1DA60DB25F49026AB7B4FBC5BB4F501232F68E83BB9DE3CD5408B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA8D534 Relevance: 9.1, APIs: 6, Instructions: 58COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacet__int64std::locale::_
    • String ID:
    • API String ID: 2644824941-0
    • Opcode ID: ca1ce30ec74459553e797d17ea824b4c6b17f49943c2f7fbba29c1c2088c5cbc
    • Instruction ID: ee90c123bb24c2d56197c942ed938fd92da7d20e38c36b93892b84e45f3d3f6e
    • Opcode Fuzzy Hash: ca1ce30ec74459553e797d17ea824b4c6b17f49943c2f7fbba29c1c2088c5cbc
    • Instruction Fuzzy Hash: C221DA2291DE85C1DA60DB15F49126AB7B4FBC5BB4F501232F68E83BA9DE2CD540CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA8D430 Relevance: 9.1, APIs: 6, Instructions: 58COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacet__int64std::locale::_
    • String ID:
    • API String ID: 2644824941-0
    • Opcode ID: 599c3c210af85bc320e191f0d14c73e6dd652db340745c349a4f1a638d49ba75
    • Instruction ID: 21dd2dd39994bf33b9462fc0e41dd6f7ed0a4a75e488096456cda75fc81640da
    • Opcode Fuzzy Hash: 599c3c210af85bc320e191f0d14c73e6dd652db340745c349a4f1a638d49ba75
    • Instruction Fuzzy Hash: DC21EE2251DE85C1DA60DB15F49026AB7B4FBD4BB4F501232F68E83BB9DE6CD550CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA4537C Relevance: 9.1, APIs: 6, Instructions: 58COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacet__int64std::locale::_
    • String ID:
    • API String ID: 2644824941-0
    • Opcode ID: bc522c7ae799604a24655e0b1c4baeb16749df00270ed1cd966d69648f298805
    • Instruction ID: 9a6db4e338b5cb46016bf0cb13d582346e6d366e6922f04f7c912afef907e4ab
    • Opcode Fuzzy Hash: bc522c7ae799604a24655e0b1c4baeb16749df00270ed1cd966d69648f298805
    • Instruction Fuzzy Hash: 2F21EA2291DE45C1DA60EB25E48026AB7B1FBC4BB4F541232F69E83BA9DE3CD540CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB50D90 Relevance: 9.1, APIs: 6, Instructions: 58COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacet__int64std::locale::_
    • String ID:
    • API String ID: 2644824941-0
    • Opcode ID: d93809b3a742951f0c9f062461c630402fb8facfc43849c81233b2b8d78b999b
    • Instruction ID: 9697e065690a8408de1d851eca0140144e1ace5fbca4b787738d071be7630f53
    • Opcode Fuzzy Hash: d93809b3a742951f0c9f062461c630402fb8facfc43849c81233b2b8d78b999b
    • Instruction Fuzzy Hash: E221CE2291DE8581DA60DB25E49126AB7A0FB85BB4F501232F68E837B9DE3CD554CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA178C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: 8afc3eb93ad0f63a3d8ca3e7c08b699a905e7cc16aafeadab15698b8bed8123e
    • Instruction ID: 5763cce594a5e3a291c789961f8c5cda48c0b441c38224e27c213f4e9a98f93a
    • Opcode Fuzzy Hash: 8afc3eb93ad0f63a3d8ca3e7c08b699a905e7cc16aafeadab15698b8bed8123e
    • Instruction Fuzzy Hash: D6119D20F0DE5242FAB9AB31A55507923D2AF46FF0F041334D82EC7AE6DE2CE4429B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FACA0B8 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 189COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA95D04: std::exception::exception.LIBCONCRTD ref: 00007FF61FA95D21
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
      • Part of subcall function 00007FF61FA9C188: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF61FA9C1B2
    • Concurrency::details::WorkQueue::PushStructured.LIBCMTD ref: 00007FF61FACA50F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Queue::StructuredWork$Decorator::getEmptyExceptionFileHeaderPushRaiseTableTypechar_traitsstd::exception::exception
    • String ID: $ $Invalid request line1$Invalid request line2
    • API String ID: 3462694705-839507807
    • Opcode ID: 94b8625bcb7e87973138f03b38beb5031f9c4a092515fa27c121be9a7c80f4db
    • Instruction ID: 92a2e32fa6a791f39967e83626c3ac80914de96fba624ae741788dad6e75465d
    • Opcode Fuzzy Hash: 94b8625bcb7e87973138f03b38beb5031f9c4a092515fa27c121be9a7c80f4db
    • Instruction Fuzzy Hash: 34B1B53660DFC694DAB0DB15E4813EAB3A4FB85B90F405126EACD83B69EF2CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE93D8 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 168COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAE9452
      • Part of subcall function 00007FF61FAE4E08: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAE4E1C
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Concurrency::details::_CriticalEmptyFac_nodeFac_node::_Lock::_Queue::ReentrantScoped_lockScoped_lock::_StructuredWorkchar_traitsstd::_
    • String ID: error$error$returnValue$success
    • API String ID: 2148963623-1953992942
    • Opcode ID: 9a3553d8561691ea0a9a5b3701e4cb3c482465dbb7a1a6eb7d68f47eddd60e77
    • Instruction ID: 3e3c46d287284326099731cfb099b42a0e39e83c66d4c6db710ecd0459ba0954
    • Opcode Fuzzy Hash: 9a3553d8561691ea0a9a5b3701e4cb3c482465dbb7a1a6eb7d68f47eddd60e77
    • Instruction Fuzzy Hash: F391C73260DFC594DA60DB15E4503EAB3A0FBC9B94F405236EA8D82B6AEF2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA33ED4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 158COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: char_traits
    • String ID: $
    • API String ID: 1158913984-227171996
    • Opcode ID: 189143d4185998c6266d1a162e50775db036b74fb35130fb19680340898490d8
    • Instruction ID: e6859cab3a1c8ba9a0aef9b4e5cc987b07209e10878468758821ccf228729e2b
    • Opcode Fuzzy Hash: 189143d4185998c6266d1a162e50775db036b74fb35130fb19680340898490d8
    • Instruction Fuzzy Hash: 1081CD2661DF85C5DA60DB15E4913AEA7A0FBC5BA4F500235EACE87B69CF3CD540CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC1030 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 133COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Concurrency::details::_CriticalLock::_Ptr_baseReentrantScoped_lockScoped_lock::_
    • String ID: Unknown terminate_status$connection handle_terminate$handle_terminate
    • API String ID: 2087993415-522009442
    • Opcode ID: 45cd6bea28f6937edad0f5e1dfe57caaeeef78e5eee89f62837f0910a40d3c9b
    • Instruction ID: 7d267732933b03accf5894d8f579f0c0de0e9dd62ae8dd2005bfc0fd3a844b2e
    • Opcode Fuzzy Hash: 45cd6bea28f6937edad0f5e1dfe57caaeeef78e5eee89f62837f0910a40d3c9b
    • Instruction Fuzzy Hash: 0F611E71A0CFC6C1EA61DB15E8413EBA3A4FFC5B94F504136EA8D87B9ADE2DD0058B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC1688 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 126COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAC17E6
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAC180B
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAC1908
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::_StructuredWork
    • String ID: connection handle_write_frame$handle_write_frame
    • API String ID: 67847930-3152776486
    • Opcode ID: 89620b6fa18d6ece279525343f36c474db4f62d975866815933a4980a564cdab
    • Instruction ID: 2cb323d895ab168350f93adee22193b3814c7eca0eec09d7d3ad322eb2ec7524
    • Opcode Fuzzy Hash: 89620b6fa18d6ece279525343f36c474db4f62d975866815933a4980a564cdab
    • Instruction Fuzzy Hash: EB510062A0CFC181EA21DB16E4513EE67A0FBC5B94F404235EA8D877AADE3CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFE0EC Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 125COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAFE163
      • Part of subcall function 00007FF61FAFC8D4: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAFC94D
      • Part of subcall function 00007FF61FAFC8D4: SHCreateMemStream.SHLWAPI ref: 00007FF61FAFC972
      • Part of subcall function 00007FF61FAFC8D4: SendMessageW.USER32 ref: 00007FF61FAFC9C1
      • Part of subcall function 00007FF61FAFC8D4: SendMessageW.USER32 ref: 00007FF61FAFC9DE
      • Part of subcall function 00007FF61FAFC8D4: SafeRWList.LIBCMTD ref: 00007FF61FAFCA02
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyMessageQueue::SendStructuredWork$CreateFac_nodeFac_node::_ListSafeStreamchar_traitsstd::_
    • String ID: error$icon$icon$success
    • API String ID: 1021147884-2314019586
    • Opcode ID: 2fd4aea81140a1effe63158bf768ee84e491eec483897fb54cdffdcb5f3ac108
    • Instruction ID: 4e01658764d594f2e949a7d026aef3ac2f0885f587dceeb15c4252751fef2e00
    • Opcode Fuzzy Hash: 2fd4aea81140a1effe63158bf768ee84e491eec483897fb54cdffdcb5f3ac108
    • Instruction Fuzzy Hash: A661EA72A1CEC691DA70DB15E4413EBB360FBC5B50F405232E68D86A6AEF3DD548CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF4910 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 125COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF61FAF4987
      • Part of subcall function 00007FF61FAEF5C4: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAEF5F5
      • Part of subcall function 00007FF61FAEF5C4: ShellExecuteW.SHELL32 ref: 00007FF61FAEF615
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ExecuteFac_nodeFac_node::_Shellchar_traitsstd::_
    • String ID: error$success$url$url
    • API String ID: 3920289214-1503804053
    • Opcode ID: b2cb52a17260c53e0d002d09ebc8b26ca289a1b53bc2ada8813b4b002ba4f3c7
    • Instruction ID: 861c28af85c19e17b4c1f2813ef7f5326369455a712bc946bd0425d24376e832
    • Opcode Fuzzy Hash: b2cb52a17260c53e0d002d09ebc8b26ca289a1b53bc2ada8813b4b002ba4f3c7
    • Instruction Fuzzy Hash: 63610A7261DEC591DA60DB15E4513EBB360FBC5B50F405236EACD86A6AEF3DD504CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA58BF0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 124COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::cancellation_token::_FromImpltype_info::_name_internal_method
    • String ID: ) is out of range$array index '-' ($unresolved reference token '
    • API String ID: 2767231736-3172047162
    • Opcode ID: d8432e816ac9686da2fc95d825b50b3a35b68961d0ed7cdc45879d7afb975d71
    • Instruction ID: 70a84304f6a92157e6cdc5b7aa85902a3a4cf3d52c3f1ad9fc0e16c80b0ef3cb
    • Opcode Fuzzy Hash: d8432e816ac9686da2fc95d825b50b3a35b68961d0ed7cdc45879d7afb975d71
    • Instruction Fuzzy Hash: DF51DF7250DEC6C2EA70DB15E4502AEB3A0FBD9B64F400236E68D86A79DF3DD545CB04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1C080 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 122COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA3236C: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF61FA323C0
      • Part of subcall function 00007FF61FB1C54C: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FB1C597
    • _CallMemberFunction0.LIBCPMTD ref: 00007FF61FB1C275
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ProcessorVirtual$Base::CallConcurrency::Concurrency::details::ContextFunction0IdentityMemberQueueRootRoot::Work
    • String ID: ) [parsedSuccessfully$ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $Unable to parse configuration line: $] WITH MESSAGE "
    • API String ID: 135442048-2426455244
    • Opcode ID: cdb5e763a202283bea50aca692a69c17ad14703501388046c3f4656fc6aa0b30
    • Instruction ID: 2dbfd6d9ad9add8c03d5da6c15d9d7e06cc0ceafc5d36aa270751ef52f0dfe24
    • Opcode Fuzzy Hash: cdb5e763a202283bea50aca692a69c17ad14703501388046c3f4656fc6aa0b30
    • Instruction Fuzzy Hash: 9F511F61A1DFC2D1DA20EB15F4912EE7365FBC5BA0F801136E68D87B6AEE2CD505CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA61F8F Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA621E6
      • Part of subcall function 00007FF61FA5CE1C: Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00007FF61FA5CE9E
      • Part of subcall function 00007FF61FA5CE1C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA5CED0
      • Part of subcall function 00007FF61FA2BC8C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA2BD7B
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA61FA4
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA5B640: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA5B6AF
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::task_options::get_schedulerExceptionFileHeaderRaisechar_traitstype_info::_name_internal_method
    • String ID: test$unsuccessful: $value
    • API String ID: 3727683347-182226173
    • Opcode ID: 08652cf5b577da92d671e47dd72ed73665f8bb4f75abe371cf4a45ef6dd7a429
    • Instruction ID: ebe89a932e9675c216d0d59fa5d2524ffe07e62d8b6faa03f3129a4cb66ba6ef
    • Opcode Fuzzy Hash: 08652cf5b577da92d671e47dd72ed73665f8bb4f75abe371cf4a45ef6dd7a429
    • Instruction Fuzzy Hash: D641087261DEC6D0DA70DB14E4513EAB364FB95764F405232E68DC3AAAEF2CD544CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA10874 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: DestroyException
    • String ID: type must be number, but is
    • API String ID: 2436776299-1272216085
    • Opcode ID: 6a6cd85c18054fbb7783073b57d95f52749706ad5a0b80ef63dfc8e6608d63e5
    • Instruction ID: 27ffa0345e637fab47f9f3606525819fdbf98de011e690b57119495851ff8e0e
    • Opcode Fuzzy Hash: 6a6cd85c18054fbb7783073b57d95f52749706ad5a0b80ef63dfc8e6608d63e5
    • Instruction Fuzzy Hash: DA41ED3664CAC6C6E670DB14E46537AB3B1FBC5B68F018236E68E86669CF3CD544CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA5D1B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
    Download Yara Rule
    APIs
    • shared_ptr.LIBCMTD ref: 00007FF61FA5D1C2
      • Part of subcall function 00007FF61FA2E40C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA2E41A
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA5D226
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FA5D295
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FA5D302
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA5D4A9
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FA5D518
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FA5D585
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyQueue::Structured$shared_ptr
    • String ID: ":
    • API String ID: 3085860486-3662656813
    • Opcode ID: cc421909df279c6a7529b18a5b6a1036bd641caec525bc503ba286263a016db5
    • Instruction ID: 37df0827c9de444f7fa194850ceb0bf8dd6a4e0fd0b01d30a1ad0f7ff4b018f2
    • Opcode Fuzzy Hash: cc421909df279c6a7529b18a5b6a1036bd641caec525bc503ba286263a016db5
    • Instruction Fuzzy Hash: D7418126609FC5C5DA70DB16E89439EB7A0FBC9B91F405125DA8E83B69EF3DD444CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA507AE Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 77COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA507F2
      • Part of subcall function 00007FF61FA5CE1C: Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00007FF61FA5CE9E
      • Part of subcall function 00007FF61FA5CE1C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA5CED0
      • Part of subcall function 00007FF61FA075F8: char_traits.LIBCPMTD ref: 00007FF61FA07618
      • Part of subcall function 00007FF61FA075F8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA0766A
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA50948
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::task_options::get_schedulerchar_traitstype_info::_name_internal_method
    • String ID: ');$=JSON.parse('$var NL_
    • API String ID: 667501607-3722500885
    • Opcode ID: 60784f03f8b3a6ea0ee4f1219cef4efd6ee7c8289ca1c7fa32665d3ad9510c1e
    • Instruction ID: 50e28362ea0baddd1159d9d0e28b17af6aa2b46dca5dce3a34e0618b2a019c47
    • Opcode Fuzzy Hash: 60784f03f8b3a6ea0ee4f1219cef4efd6ee7c8289ca1c7fa32665d3ad9510c1e
    • Instruction Fuzzy Hash: 4F41B46261DFC291DA71AB15E4903EAB368FB85B54F401236D68DC3B9ADF7CD644CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA315DC Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 52COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_char_traitsstd::_
    • String ID: browser$chrome$cloud$window
    • API String ID: 2398089899-2208511387
    • Opcode ID: 02df272aed432b8bed5e4c022f93ec46370462442d11eba1ee8035450d7b4c92
    • Instruction ID: 28fcc65dff512013e2c36b496bb3c7355151b5550a03939757cc931e11385ece
    • Opcode Fuzzy Hash: 02df272aed432b8bed5e4c022f93ec46370462442d11eba1ee8035450d7b4c92
    • Instruction Fuzzy Hash: 6F211272A1DEC691EA20DB55E4413EA7370FBC5B54F805132E6CD87A6AEF6CE644CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1452C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48memoryCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • std::bad_exception::bad_exception.LIBCMTD ref: 00007FF61FB1455A
      • Part of subcall function 00007FF61FB07F38: std::bad_exception::bad_exception.LIBCMTD ref: 00007FF61FB07F50
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
    • GetProcessHeap.KERNEL32 ref: 00007FF61FB14570
    • HeapAlloc.KERNEL32 ref: 00007FF61FB1457F
    • std::bad_alloc::bad_alloc.LIBCMTD ref: 00007FF61FB14596
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Heapstd::bad_exception::bad_exception$AllocExceptionFileHeaderProcessRaisestd::bad_alloc::bad_alloc
    • String ID: length
    • API String ID: 760574106-25009842
    • Opcode ID: 5511ff645c2aff70aa0d2faa887e5292d4613be261592fe74a0b8cd490e9bb7e
    • Instruction ID: 1677fc09998fd1b51aa075fb037114fc2fe87c994eeb4065cc7b46107a6ea2ff
    • Opcode Fuzzy Hash: 5511ff645c2aff70aa0d2faa887e5292d4613be261592fe74a0b8cd490e9bb7e
    • Instruction Fuzzy Hash: 2C21ED72A18E4682DA30DB19E44126EB7B0FBC9B58F904235E68D877A9DF3CD545CF40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB39A58 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32registryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Query$FrequencyOpenPerformanceValue
    • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$~MHz
    • API String ID: 2918398796-2226868861
    • Opcode ID: 916e20cbe34a5028a79cdc12b078f81c552a02771fe117135a269fbf812a16fb
    • Instruction ID: 23fd0b4f6c99dd65b0d89143f3252bf4da7b411fa35f8557be9f6ff8fe12c51c
    • Opcode Fuzzy Hash: 916e20cbe34a5028a79cdc12b078f81c552a02771fe117135a269fbf812a16fb
    • Instruction Fuzzy Hash: 4B011236B29F4182E770DB14F49062A73A5FB85B64F402235E64E83AA4DF3CD558CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB48E2C Relevance: 7.9, APIs: 5, Instructions: 400COMMON
    Download Yara Rule
    APIs
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FB48FF2
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FB495A3
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 643052339-0
    • Opcode ID: 4348f93479c01359a9b7414b88aedf0f695d25a830741cc3b6f846c43c747700
    • Instruction ID: d84b5316c4b702d7947f2042e96dd0ae686ad2c3fecb035365eb1b3d7f85e701
    • Opcode Fuzzy Hash: 4348f93479c01359a9b7414b88aedf0f695d25a830741cc3b6f846c43c747700
    • Instruction Fuzzy Hash: 6122C87260DFC585DAB1DB15E4803EEB364EBC5BA0F405226EA9D83BA9DF2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA56D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 140430faccaa70457c7810d3713ff51ea39841a0b5ab21b784b404df2ff9911f
    • Instruction ID: 3ff17b72faccfcf7a88530eaa6589706601dc63907b8ffbf42d7f02df9388959
    • Opcode Fuzzy Hash: 140430faccaa70457c7810d3713ff51ea39841a0b5ab21b784b404df2ff9911f
    • Instruction Fuzzy Hash: 73C1BE62A0CE8691EA709B15D4402BE2BE5FFD2FE0F554131EA4E873A1DF7CEA458311
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB206B0 Relevance: 7.6, APIs: 5, Instructions: 133COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyListQueue::SafeStructured
    • String ID:
    • API String ID: 2961683352-0
    • Opcode ID: 6fc6ac62f63d2a197fe36e326c7cf70ecbc22c66c84982fab0caaca69ce58765
    • Instruction ID: 389b994b78b3ad2cead09cc4985a3cebcf0c092a50c58f8fe4cbf098be135457
    • Opcode Fuzzy Hash: 6fc6ac62f63d2a197fe36e326c7cf70ecbc22c66c84982fab0caaca69ce58765
    • Instruction Fuzzy Hash: 8151412261CA8181EB319B25E4513FFB7A1FB89B90F401131E6CE87B9ADE2DE545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD96A0 Relevance: 7.6, APIs: 5, Instructions: 76COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Work$EmptyFac_nodeFac_node::_Queue::Structuredstd::_$Base::ContextIdentityPtr_baseQueueshared_ptr
    • String ID:
    • API String ID: 1035655138-0
    • Opcode ID: 94e75741bad319658513cde1c254f07d1b094dec1c829a2965497b56ba83d030
    • Instruction ID: e95b5f955dd315e0b3424c5e2af76613ebfd03d1c6e6af155edfdbcfa9b7c4b8
    • Opcode Fuzzy Hash: 94e75741bad319658513cde1c254f07d1b094dec1c829a2965497b56ba83d030
    • Instruction Fuzzy Hash: EB41DF62A1DEC1C5EA60EB11F4553AEB3A1FFC5B90F404236E68D8775ADE2CD415CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE4F28 Relevance: 7.6, APIs: 5, Instructions: 74fileCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA317D0
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA317FC
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3182E
      • Part of subcall function 00007FF61FA3178C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA31851
      • Part of subcall function 00007FF61FA3178C: MultiByteToWideChar.KERNEL32 ref: 00007FF61FA3187E
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAE4F76
    • CreateFileW.KERNEL32 ref: 00007FF61FAE4FA5
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    • GetFileSizeEx.KERNEL32 ref: 00007FF61FAE4FC7
    • GetFileInformationByHandleEx.KERNEL32 ref: 00007FF61FAE4FE6
    • CloseHandle.KERNEL32 ref: 00007FF61FAE5059
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$File$ByteCharHandleMultiWide$CloseCreateInformationSize
    • String ID:
    • API String ID: 52634402-0
    • Opcode ID: 008cf9a047b4e8cea7f58adfaed889473a51ade14cdc3462834f588cff60a761
    • Instruction ID: 89d2c6792bc11fd5f97c47b9d5f67728ead971d55b91b403bb562f4d8b74f913
    • Opcode Fuzzy Hash: 008cf9a047b4e8cea7f58adfaed889473a51ade14cdc3462834f588cff60a761
    • Instruction Fuzzy Hash: 60310A32608E8286E760DB12F4503ABB7A4FBC5B94F504135EACD87A59EF7DD449CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB39128 Relevance: 7.6, APIs: 5, Instructions: 73COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB39159
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB39191
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 1865873047-0
    • Opcode ID: ccded70b5851cfe49c29a4793e7ebc358852fbd277be4855d28902fce6d0da83
    • Instruction ID: e9ff900e524470e69600c1ff177e6825729120ce252c4779123271c11322a964
    • Opcode Fuzzy Hash: ccded70b5851cfe49c29a4793e7ebc358852fbd277be4855d28902fce6d0da83
    • Instruction Fuzzy Hash: BF31741394CD8291EA30E715E8512BE6B71EBD6BA4F840131F2CEC69AADE2CD645CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFC8D4 Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$MessageSend$CreateListSafeStream
    • String ID:
    • API String ID: 885835161-0
    • Opcode ID: 21ae38c7593f7b94979b39467684e917f54f060fe2cd1ff932bc76dd9c0c4dc6
    • Instruction ID: 97c3a8e26786011b6a57d521a2c6b57ff9cd3a43c32127cb60a386c6b361898d
    • Opcode Fuzzy Hash: 21ae38c7593f7b94979b39467684e917f54f060fe2cd1ff932bc76dd9c0c4dc6
    • Instruction Fuzzy Hash: 0F31523661CE4181E760EB15E4513AFB360FBC5BA4F405132E68E83B69DE3DD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA318D4 Relevance: 7.6, APIs: 5, Instructions: 65COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA31918
    • WideCharToMultiByte.KERNEL32 ref: 00007FF61FA31956
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA31988
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA319AB
    • WideCharToMultiByte.KERNEL32 ref: 00007FF61FA319EA
      • Part of subcall function 00007FF61FA12E0C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA12E29
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWide
    • String ID:
    • API String ID: 1905860291-0
    • Opcode ID: 4b0f11f653473e8e2fc6e3689a03bc97eadd1272c688fc8a5a95b11c0b16d3e4
    • Instruction ID: b87e72b915bf6ad78ea4a59891233cbe655e1fb52a1d7d05df4e4daaef7dda20
    • Opcode Fuzzy Hash: 4b0f11f653473e8e2fc6e3689a03bc97eadd1272c688fc8a5a95b11c0b16d3e4
    • Instruction Fuzzy Hash: 3431F272618A8086E760EB25E49139AB7A1FBC9B94F500126E68D86A69DF3DD404CF00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA3178C Relevance: 7.6, APIs: 5, Instructions: 61COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA317D0
    • MultiByteToWideChar.KERNEL32 ref: 00007FF61FA317FC
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3182E
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA31851
    • MultiByteToWideChar.KERNEL32 ref: 00007FF61FA3187E
      • Part of subcall function 00007FF61FA1361C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA13639
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWide
    • String ID:
    • API String ID: 1905860291-0
    • Opcode ID: 54c879c8a4b670f414bd134e1cd1b0505dc700b551cc952894da8151da9a99f0
    • Instruction ID: 96cedbe15712c74ca4af85babf02b35117ad416d2d88be1a290c23cd8e82f35d
    • Opcode Fuzzy Hash: 54c879c8a4b670f414bd134e1cd1b0505dc700b551cc952894da8151da9a99f0
    • Instruction Fuzzy Hash: F231FB7261DA818AD760DB26E45139EB7A1FBC9B90F405135E6CE87B59DF3DD4048F00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD9705 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyFac_nodeFac_node::_Queue::StructuredWorkstd::_$shared_ptr
    • String ID:
    • API String ID: 57508001-0
    • Opcode ID: f0d75156b0a1d293a6622f7f2f9e19d5431e89b39f97eabe7dc8d75e3a1e4e3d
    • Instruction ID: bb2819edcea38a43b9f6e1b3659cf6376d8588d6d5ae87e299cb8b0cdf3cae9d
    • Opcode Fuzzy Hash: f0d75156b0a1d293a6622f7f2f9e19d5431e89b39f97eabe7dc8d75e3a1e4e3d
    • Instruction Fuzzy Hash: 5B31DB62A1DEC1C5EA60EB11E4953AEB3A1FBC5B90F404236EA8D8775ADE2CD415CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB15428 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB1546C
    • MultiByteToWideChar.KERNEL32 ref: 00007FF61FB15498
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB154CA
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB154ED
    • MultiByteToWideChar.KERNEL32 ref: 00007FF61FB1551A
      • Part of subcall function 00007FF61FA1361C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA13639
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWide
    • String ID:
    • API String ID: 1905860291-0
    • Opcode ID: 0eb3f75602d8e35eda65cf05a6a7cc1ccef20e5b9e06baa0910adf2ba602c693
    • Instruction ID: 96cedbe15712c74ca4af85babf02b35117ad416d2d88be1a290c23cd8e82f35d
    • Opcode Fuzzy Hash: 0eb3f75602d8e35eda65cf05a6a7cc1ccef20e5b9e06baa0910adf2ba602c693
    • Instruction Fuzzy Hash: F231FB7261DA818AD760DB26E45139EB7A1FBC9B90F405135E6CE87B59DF3DD4048F00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA35040 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA35084
    • MultiByteToWideChar.KERNEL32 ref: 00007FF61FA350B0
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA350E2
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA35105
    • MultiByteToWideChar.KERNEL32 ref: 00007FF61FA35132
      • Part of subcall function 00007FF61FA1361C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA13639
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWide
    • String ID:
    • API String ID: 1905860291-0
    • Opcode ID: 10f053e6643ea13b7ec7a9d8129796d23711cff0cc2d181136b09cd466d5ca69
    • Instruction ID: 96cedbe15712c74ca4af85babf02b35117ad416d2d88be1a290c23cd8e82f35d
    • Opcode Fuzzy Hash: 10f053e6643ea13b7ec7a9d8129796d23711cff0cc2d181136b09cd466d5ca69
    • Instruction Fuzzy Hash: F231FB7261DA818AD760DB26E45139EB7A1FBC9B90F405135E6CE87B59DF3DD4048F00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA04D80 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA04DC4
    • MultiByteToWideChar.KERNEL32 ref: 00007FF61FA04DF0
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA04E22
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA04E45
    • MultiByteToWideChar.KERNEL32 ref: 00007FF61FA04E72
      • Part of subcall function 00007FF61FA1361C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA13639
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$ByteCharMultiWide
    • String ID:
    • API String ID: 1905860291-0
    • Opcode ID: be89174bcad88161503924dafae5826d216be5de1cad9526b4cab8523ac65ab7
    • Instruction ID: 96cedbe15712c74ca4af85babf02b35117ad416d2d88be1a290c23cd8e82f35d
    • Opcode Fuzzy Hash: be89174bcad88161503924dafae5826d216be5de1cad9526b4cab8523ac65ab7
    • Instruction Fuzzy Hash: F231FB7261DA818AD760DB26E45139EB7A1FBC9B90F405135E6CE87B59DF3DD4048F00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB58194 Relevance: 7.6, APIs: 5, Instructions: 55registryclipboardCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ByteCharConcurrency::details::EmptyMultiQueue::StructuredWideWork$ClipboardFormatRegister
    • String ID:
    • API String ID: 2307325414-0
    • Opcode ID: 50db650c5dd271ca47967fd5de23a5b0227342939256fb55ff3de50cd4bf3d2d
    • Instruction ID: 7f8f49f847e183cdf2808746f7a404ef24ba308292e978134ffcaa052a9fcada
    • Opcode Fuzzy Hash: 50db650c5dd271ca47967fd5de23a5b0227342939256fb55ff3de50cd4bf3d2d
    • Instruction Fuzzy Hash: F221FE76619A8186D760EB26F4503AEB7A1FBC9B54F444136F68E87B69DE3CD4048F00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA1854 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • FlsGetValue.KERNEL32(?,?,?,00007FF61FB88063,?,?,00000000,00007FF61FB882FE,?,?,?,?,?,00007FF61FB8828A), ref: 00007FF61FBA1873
    • FlsSetValue.KERNEL32(?,?,?,00007FF61FB88063,?,?,00000000,00007FF61FB882FE,?,?,?,?,?,00007FF61FB8828A), ref: 00007FF61FBA1892
    • FlsSetValue.KERNEL32(?,?,?,00007FF61FB88063,?,?,00000000,00007FF61FB882FE,?,?,?,?,?,00007FF61FB8828A), ref: 00007FF61FBA18BA
    • FlsSetValue.KERNEL32(?,?,?,00007FF61FB88063,?,?,00000000,00007FF61FB882FE,?,?,?,?,?,00007FF61FB8828A), ref: 00007FF61FBA18CB
    • FlsSetValue.KERNEL32(?,?,?,00007FF61FB88063,?,?,00000000,00007FF61FB882FE,?,?,?,?,?,00007FF61FB8828A), ref: 00007FF61FBA18DC
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: 843fd4ac85333723712da595c865650363b4cb7d7be9dc7961a8afb27d43ebbb
    • Instruction ID: 53bd1f0853f8597334dc6fec18d526eabf033857f251da6df04dc95b53d61230
    • Opcode Fuzzy Hash: 843fd4ac85333723712da595c865650363b4cb7d7be9dc7961a8afb27d43ebbb
    • Instruction Fuzzy Hash: 2C115E20F0DF5241FAB9A735A55117A23D2AF46FF0F545374E83EC6AE6DE2CE4429A00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFC208 Relevance: 7.6, APIs: 5, Instructions: 54windowCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Window$AttributeMessageSend$Active
    • String ID:
    • API String ID: 3574880320-0
    • Opcode ID: 09496f4d784a677a52f8e4a30617e2d152f6c1e5f486e2d9f688b525548079ca
    • Instruction ID: 8d76120fdba62c62a6b209a60ec6cb613b0a336db1719f4bc5d1bf79839bc9fa
    • Opcode Fuzzy Hash: 09496f4d784a677a52f8e4a30617e2d152f6c1e5f486e2d9f688b525548079ca
    • Instruction Fuzzy Hash: C021CC7191CE81C6E7609B91F44476AB7A0FB89B68F500235E6CE96B98CF7CD645CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA16E8 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: bf6fa138cd7e8d8a0ea916a6c61382bfa279e1094c4a0abd708e210dfaa6033a
    • Instruction ID: e76c4a89b7576d85779bc674b324350a080dac8ad9f2f7eb383180c4644b264d
    • Opcode Fuzzy Hash: bf6fa138cd7e8d8a0ea916a6c61382bfa279e1094c4a0abd708e210dfaa6033a
    • Instruction Fuzzy Hash: B9113954A09E0302FAB9A73158621B923C15F43FF4F582734D93ECA6F3ED6DB4829A10
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB58398 Relevance: 7.5, APIs: 5, Instructions: 44clipboardCOMMON
    Download Yara Rule
    APIs
    • IsClipboardFormatAvailable.USER32(?,?,?,?,?,?,00007FF61FB38DA3,?,?,?,?,?,?,00007FF61FB38F9A), ref: 00007FF61FB583B7
    • IsClipboardFormatAvailable.USER32(?,?,?,?,?,?,00007FF61FB38DA3,?,?,?,?,?,?,00007FF61FB38F9A), ref: 00007FF61FB583C6
    • IsClipboardFormatAvailable.USER32(?,?,?,?,?,?,00007FF61FB38DA3,?,?,?,?,?,?,00007FF61FB38F9A), ref: 00007FF61FB583D5
    • IsClipboardFormatAvailable.USER32(?,?,?,?,?,?,00007FF61FB38DA3,?,?,?,?,?,?,00007FF61FB38F9A), ref: 00007FF61FB5840A
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AvailableClipboardFormat
    • String ID:
    • API String ID: 778505046-0
    • Opcode ID: c081324b6f7779c8c95151ab31bcc13f1931bfd54cd53b162ffbc460ac903069
    • Instruction ID: 4c376e10061a87a216717558eac7712a9eca75ebe236008fed353aa2e128838a
    • Opcode Fuzzy Hash: c081324b6f7779c8c95151ab31bcc13f1931bfd54cd53b162ffbc460ac903069
    • Instruction Fuzzy Hash: 8F111C21A0CD8282F7309B61E44037E67E1EF86F68F541035EA8EC56E5DF2CE4849B12
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA20D9C Relevance: 7.5, APIs: 5, Instructions: 43threadCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Base::Concurrency::details::ContextIdentityQueueWorkatomic_compare_exchange$Concurrency::details::_CriticalCurrentLock::_ReentrantScoped_lockScoped_lock::_Thread
    • String ID:
    • API String ID: 4197124366-0
    • Opcode ID: 1f4364a37cf9a796edaa91e823341e86f466256616acc66143a3d81cfc8d7e28
    • Instruction ID: 91283e690239ae86e1836b5310a0a796017370e5d8c9a644bee2c0f41a143bdd
    • Opcode Fuzzy Hash: 1f4364a37cf9a796edaa91e823341e86f466256616acc66143a3d81cfc8d7e28
    • Instruction Fuzzy Hash: 6711EF72A18A8586DB20EB26E04525E77B0FBC5B94F500235EB8D87B5ACF3DD9018F04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC3FDC Relevance: 7.5, APIs: 5, Instructions: 42COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::_NonReentrantPPLLock::_NonReentrantPPLLock.LIBCMTD ref: 00007FF61FAC4008
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAC4012
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAC4021
    • Concurrency::details::_NonReentrantPPLLock::_NonReentrantPPLLock.LIBCMTD ref: 00007FF61FAC4060
    • Concurrency::details::WorkQueue::PushStructured.LIBCONCRTD ref: 00007FF61FAC4076
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Reentrant$Concurrency::details::Queue::StructuredWork$Concurrency::details::_EmptyLockLock::_$Push
    • String ID:
    • API String ID: 832944279-0
    • Opcode ID: 704e0041bc3c6b80dca768c3019ec7a01dc4eca3f8788710c285a8319fd2744b
    • Instruction ID: 11146d7afcb130d5c38ad5592b6ec5b18ff4bf9037805a1027b5c39536f92614
    • Opcode Fuzzy Hash: 704e0041bc3c6b80dca768c3019ec7a01dc4eca3f8788710c285a8319fd2744b
    • Instruction Fuzzy Hash: F611C722618E85C1EA60DB15E4910AAB7A4FBC4BD4F505222FACE83A79DF2CD1558B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB14EBC Relevance: 7.5, APIs: 5, Instructions: 41windowCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Message$DispatchExitProcessTranslateerror_info_injector
    • String ID:
    • API String ID: 734941849-0
    • Opcode ID: 29c6d4f28e7f3c83a8a6b9c45978b06069c1dbd94a35b70e260bb81283d20d1c
    • Instruction ID: 29218e28ae1bf8970129013faff0c4ba785268beab6f8ae66cf706fa8c9398f5
    • Opcode Fuzzy Hash: 29c6d4f28e7f3c83a8a6b9c45978b06069c1dbd94a35b70e260bb81283d20d1c
    • Instruction Fuzzy Hash: 2911BA3291CE55C2E7709B14F48436AB7B0FB87B65F600135E69E86AA8CF3DD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB41558 Relevance: 7.5, APIs: 5, Instructions: 31threadCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB41583
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB41592
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB415B3
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB415BD
    • Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00007FF61FB415CC
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::$EmptyQueue::StructuredWork$Factory::FreeProxyRetireThread
    • String ID:
    • API String ID: 3181395165-0
    • Opcode ID: 3d6fadc7c62c052d616c4f1c9ecb4f147720cff90d5add7545cb92ef9e086060
    • Instruction ID: 049afeaa909f08bb940f8063407dab48680892dc43a177ac1c0bf26f0af9a409
    • Opcode Fuzzy Hash: 3d6fadc7c62c052d616c4f1c9ecb4f147720cff90d5add7545cb92ef9e086060
    • Instruction Fuzzy Hash: 9E017962A1CE85C1DA50EB55E45116EF774FBC4BA4F000131FA8EC7B6ACFACD4518B44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF1D58 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 205COMMON
    Download Yara Rule
    APIs
    • GetEnvironmentStringsW.KERNEL32 ref: 00007FF61FAF1D90
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA2D000: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FA2D0C4
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • FreeEnvironmentStringsW.KERNEL32 ref: 00007FF61FAF20DA
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EnvironmentStringsWork$Base::ContextEmptyFreeIdentityQueueQueue::Structuredchar_traits
    • String ID: returnValue$success
    • API String ID: 2309528455-1204738907
    • Opcode ID: 50106dfaa3ff963ebab9ce81d14609b0c81331d0165f0ea493e306692a2aca3b
    • Instruction ID: 5fa9b83d60ca3af1224a88a514899f1d5b324926e546f31c4be4fea118dc2652
    • Opcode Fuzzy Hash: 50106dfaa3ff963ebab9ce81d14609b0c81331d0165f0ea493e306692a2aca3b
    • Instruction Fuzzy Hash: 53B1B47261DEC195DA70DB15E4913EEB3A0FB89B60F404236E6CD86BA9EF2CD544CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB33FC4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FB37418: _Min_value.LIBCPMTD ref: 00007FF61FB3744F
    • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF61FB340DD
    • shared_ptr.LIBCMTD ref: 00007FF61FB3412A
      • Part of subcall function 00007FF61FB5DAD8: std::bad_exception::bad_exception.LIBCMTD ref: 00007FF61FB5DAE4
    • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00007FF61FB34315
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceConcurrency::details::_Min_valueSchedulerScheduler::_shared_ptrstd::bad_exception::bad_exception
    • String ID: invalid hash bucket count
    • API String ID: 2037438905-1101463472
    • Opcode ID: 7f110234f37987cbcc0d6cedaa9c9c7d4d2ee51d225a21b4668973410fee2389
    • Instruction ID: 7a0344fd82d149b0b79013c307f8cd4fdd8b9b318869e2e6491a96e83013a7ec
    • Opcode Fuzzy Hash: 7f110234f37987cbcc0d6cedaa9c9c7d4d2ee51d225a21b4668973410fee2389
    • Instruction Fuzzy Hash: 6791E82661CF8582DA70DB15E4912AEB7A5FBC9B94F400132EACD87B6ADF3CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAEA130 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 131COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FAEA1B4
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWorkchar_traits
    • String ID: .*Binary$$data$dataBinary
    • API String ID: 2344289377-1982336578
    • Opcode ID: 21cfdc47c77e5515868b9e6e019c8afaa627b29c0fa47ebf7df6556aaccfa183
    • Instruction ID: 06e34e75d4e6a983f86a4bd1cfe388825da4ae07861ffa34623143e5c4c660a5
    • Opcode Fuzzy Hash: 21cfdc47c77e5515868b9e6e019c8afaa627b29c0fa47ebf7df6556aaccfa183
    • Instruction Fuzzy Hash: 6461EB7261DFC6D1DA60DB15E4913EAB361FBC5BA0F405232E68D83BAADE2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC8354 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMON
    Download Yara Rule
    APIs
    • shared_ptr.LIBCMTD ref: 00007FF61FAC83DE
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAC84FA
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAC8607
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_shared_ptr
    • String ID: asio connection post_init
    • API String ID: 1276414459-3710395513
    • Opcode ID: 9384346ef0a9fcc22ca3a784fcc38f530b21b283c4d5ee610af889cc7425a4c7
    • Instruction ID: c92245a3b8fc45a16fbcc1750554a2391a2950f4e9451624130fdbb45762e48f
    • Opcode Fuzzy Hash: 9384346ef0a9fcc22ca3a784fcc38f530b21b283c4d5ee610af889cc7425a4c7
    • Instruction Fuzzy Hash: 0061B076619FC595DAA0DB15E4813EAB3A4FB85B90F804236EACD83B69DF3CD154CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF5598 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 124COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF57B4
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF57F8
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
    • String ID: extensions$name
    • API String ID: 1744367693-1311653554
    • Opcode ID: eace204fe364162c3e0c65947835f1436b09a956251748f9d22b4056cc54eb82
    • Instruction ID: 3c18b3fccdebdb240c83be184845d6672389c74983fa3788098a61447d03062c
    • Opcode Fuzzy Hash: eace204fe364162c3e0c65947835f1436b09a956251748f9d22b4056cc54eb82
    • Instruction Fuzzy Hash: 7961EB7261DEC2D1DAA0DB15E4512EEB360FBC5BA0F805232E6CDC6A6ADF6CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC13EC Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
      • Part of subcall function 00007FF61FAD9210: _CallMemberFunction0.LIBCPMTD ref: 00007FF61FAD927F
    • std::make_error_code.LIBCPMTD ref: 00007FF61FAC14A0
      • Part of subcall function 00007FF61FAC5A4C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A6A
      • Part of subcall function 00007FF61FACEEB0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FACF028
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CallConcurrency::details::Concurrency::details::_CriticalEmptyFunction0Lock::_MemberQueue::ReentrantScoped_lockScoped_lock::_StructuredWorkstd::error_condition::error_conditionstd::make_error_code
    • String ID: connection handle_transport_init$handle_transport_init must be called from transport init state$handle_transport_init received error:
    • API String ID: 3011408989-1621642840
    • Opcode ID: 1bc3b0b3906bbb8ffb5fdf50b36fb49f65f1ede2254997e58a684eeae43d3c9f
    • Instruction ID: 53b9bcd3e89fc5a873ab7ba74bcdfae8a988f7b72ec47dd50e4cfa5def86659b
    • Opcode Fuzzy Hash: 1bc3b0b3906bbb8ffb5fdf50b36fb49f65f1ede2254997e58a684eeae43d3c9f
    • Instruction Fuzzy Hash: 9151FC72A08FC581EA20DB15E4953EE7360FBC5B90F404131EA8D87BAADF6CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA49204 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Fac_nodeFac_node::_std::_
    • String ID: 0x0000 <= codepoint && codepoint <= 0xFFFF$D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$current == 'u'
    • API String ID: 1114552684-4275275915
    • Opcode ID: 809b279aceae1c996f6810833eb228ea216fbdbc8f830cf0b06385a65811e1b4
    • Instruction ID: 624f8734e65619dc2cf710e4488e112adf9b81c7a8a092df56dc5aa50d9c22e8
    • Opcode Fuzzy Hash: 809b279aceae1c996f6810833eb228ea216fbdbc8f830cf0b06385a65811e1b4
    • Instruction Fuzzy Hash: F351EC72618A85C6E774CB19E44426E77A0FB89B64F440239E68EC7B99DF7CE514CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB14FFC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Window$Long
    • String ID: 6
    • API String ID: 847901565-498629140
    • Opcode ID: 004ad38619d2756b8c285cae607cba163c34a7be9dbaa023da0e57b9a269247c
    • Instruction ID: 8764f627f63effe0244f7d249ac9b5a7c44ad8b6c1a3684772c736e6e22aade5
    • Opcode Fuzzy Hash: 004ad38619d2756b8c285cae607cba163c34a7be9dbaa023da0e57b9a269247c
    • Instruction Fuzzy Hash: C151A876608B818BD774CB29E44475AB7B1F7C9B64F104225EAAD83BA8DF39D445CF00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABD2E4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
      • Part of subcall function 00007FF61FA6E47C: std::make_error_code.LIBCPMTD ref: 00007FF61FA6E4AA
    • std::make_error_code.LIBCPMTD ref: 00007FF61FABD36F
      • Part of subcall function 00007FF61FAC5A1C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A3A
      • Part of subcall function 00007FF61FAD9210: _CallMemberFunction0.LIBCPMTD ref: 00007FF61FAD927F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$CallConcurrency::details::_CriticalFunction0Lock::_MemberReentrantScoped_lockScoped_lock::_std::error_condition::error_condition
    • String ID: asio async_read_at_least$asio con handle_async_read$handle_async_read called with null read handler
    • API String ID: 524731376-1533064825
    • Opcode ID: 99f0be39f76c17d95b9ac5717fbb441aba33dbca418555a42381933ac9419035
    • Instruction ID: 10a4c39d0120530177d885aea0d9ad89cf50e3bbf4bce1c394ec2c5cff8e1c01
    • Opcode Fuzzy Hash: 99f0be39f76c17d95b9ac5717fbb441aba33dbca418555a42381933ac9419035
    • Instruction Fuzzy Hash: 86410A62A1CEC6C1EA20DB15E4513BA7360FBD4B54F409232E6CD87AAADF2CE545CB41
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB6FF7C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Maklocstr
    • String ID: false$true
    • API String ID: 2987148671-2658103896
    • Opcode ID: 9d2729e839ef410d24e959349a7ec5824a739c7208200a215d5298898ecb7fc8
    • Instruction ID: 030ff78c93bc36b42f7aadc3b0791bec37d080666d246ee7f4a7c787dfd1eaa3
    • Opcode Fuzzy Hash: 9d2729e839ef410d24e959349a7ec5824a739c7208200a215d5298898ecb7fc8
    • Instruction Fuzzy Hash: 2D414A26B18F8599E710CF70E4401ED33B1FB49BA8B405226EE4D67B59EF38D595C384
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA01DE9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91registryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CloseOpenQueryValue
    • String ID: EBWebView
    • API String ID: 3677997916-998646055
    • Opcode ID: c0c880a0bfeeaea0d0d10aa787d216b89fc3746f26d4c65a31182b5ae9ed8224
    • Instruction ID: dfa9e9e81b89acead9c6b739628162518a5aa1c14142ebc1c7b5ecd5617a791b
    • Opcode Fuzzy Hash: c0c880a0bfeeaea0d0d10aa787d216b89fc3746f26d4c65a31182b5ae9ed8224
    • Instruction Fuzzy Hash: 4331A831718E4285EA609B51B8956BA63D1FF89FE4F805235ED8DC7B95DEBCE0058700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABDE84 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 87COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_Ptr_baseReentrantScoped_lockScoped_lock::_std::make_error_code
    • String ID: Asio transport post-init timed out$asio handle_post_init_timeout$asio post init timer cancelled
    • API String ID: 309102078-3344867729
    • Opcode ID: fa76d3791f3dc84eacfe2dfaa8879b78fe500715677b9a35b9a09521145e70e4
    • Instruction ID: 4798c49da6eb89d42c4adc1ad719338056deab9eff0eef9b68b4557d6ffb761b
    • Opcode Fuzzy Hash: fa76d3791f3dc84eacfe2dfaa8879b78fe500715677b9a35b9a09521145e70e4
    • Instruction Fuzzy Hash: 2E410062A1CF85C1E620DB21E4513BA6360FBC5B94F408631EACD87B9ADF3CD545CB41
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA5C608 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FA5C78A
      • Part of subcall function 00007FF61FA0FB28: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA0FC17
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::ContextExceptionFileHeaderIdentityQueueRaise
    • String ID: ' not found$cannot use at() with $key '
    • API String ID: 1110708795-3748837117
    • Opcode ID: e937428ec6d6047f6d449baf0acd1bb7e348a15707b584cc387cc3ee8aee4178
    • Instruction ID: d70a2b5cf433eeab05b215c5589c530ca3564481d0fad5d27eab0db7b26e0bd4
    • Opcode Fuzzy Hash: e937428ec6d6047f6d449baf0acd1bb7e348a15707b584cc387cc3ee8aee4178
    • Instruction Fuzzy Hash: 9D412E72619FC6D0DA60DB51F4512EAB3A0FBC5BA4F401232EA8D87BA9DE3CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABDAD4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_std::make_error_code
    • String ID: open handle_open_handshake_timeout error: $open handshake timer cancelled$open handshake timer expired
    • API String ID: 757038541-2537421419
    • Opcode ID: 2272efcb19ae6f96805206619d6b89a18c553d12eb829b20065bab62a8990009
    • Instruction ID: f85a08ff0af5cad66048a510a29ddbefc38384aa51d6806130c705b1bab55810
    • Opcode Fuzzy Hash: 2272efcb19ae6f96805206619d6b89a18c553d12eb829b20065bab62a8990009
    • Instruction Fuzzy Hash: B7412F61A0DFC6C1EA60DB11E4513AF63A0FBC5B94F404536EA8E97BA9DE3CD405CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABD930 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_std::make_error_code
    • String ID: asio close handshake timer cancelled$asio close handshake timer expired$asio open handle_close_handshake_timeout error:
    • API String ID: 757038541-2555536921
    • Opcode ID: 5dc5921aa9936d9b2adea67dc84f6f1299645b2729f4b8675e0f869b2986c731
    • Instruction ID: 7e0cebfac65a066e918c5d3d8e8f7ef610ef2b246d439cb4ba468fb12390e6ff
    • Opcode Fuzzy Hash: 5dc5921aa9936d9b2adea67dc84f6f1299645b2729f4b8675e0f869b2986c731
    • Instruction Fuzzy Hash: 70412F61A1CFC6C1EA60D711E4513AE7364FBC5B90F404536EA8D97BAADE3CD405CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAEC6FC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: DestroyException
    • String ID: type must be number, but is
    • API String ID: 2436776299-1272216085
    • Opcode ID: 498d14b8045e41860540e2fbdb7fbf2e1e97550adae463396b922ed91b88d724
    • Instruction ID: 28b05d2ea3a7fd6a77d789e707aad4f6544e354f567012b2274e610590539b54
    • Opcode Fuzzy Hash: 498d14b8045e41860540e2fbdb7fbf2e1e97550adae463396b922ed91b88d724
    • Instruction Fuzzy Hash: F741FB3290DEC2C1EA709B15E4542AE73B0FBC5B68F004236E68E8276ACF3CD555CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABD6F4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 73COMMON
    Download Yara Rule
    APIs
    • std::make_error_code.LIBCPMTD ref: 00007FF61FABD7DD
      • Part of subcall function 00007FF61FA6E514: std::make_error_code.LIBCPMTD ref: 00007FF61FA6E542
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
      • Part of subcall function 00007FF61FA166A0: _Ptr_base.LIBCMTD ref: 00007FF61FA166AE
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$Concurrency::details::_CriticalLock::_Ptr_baseReentrantScoped_lockScoped_lock::_
    • String ID: Asio transport socket shutdown timed out$asio handle_async_shutdown_timeout$asio socket shutdown timer cancelled
    • API String ID: 372672534-2087974262
    • Opcode ID: 4ba0033c5d5a414ae54171afbd2754db23247a84354c5a5a2a99c19f1d238a3e
    • Instruction ID: 63bbaa1c419fb3aee4c45f8720a66e82c0618edb827103f26ccf2346ac622416
    • Opcode Fuzzy Hash: 4ba0033c5d5a414ae54171afbd2754db23247a84354c5a5a2a99c19f1d238a3e
    • Instruction Fuzzy Hash: EB31306291CE81C2EA20EB21E4513AA7360FBC4B54F509232EACDC776ADF3CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD57EC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 70COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAD595A
      • Part of subcall function 00007FF61FAD9210: _CallMemberFunction0.LIBCPMTD ref: 00007FF61FAD927F
    • std::make_error_code.LIBCPMTD ref: 00007FF61FAD5878
      • Part of subcall function 00007FF61FAC5A4C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A6A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CallConcurrency::details::Concurrency::details::_CriticalEmptyFunction0Lock::_MemberQueue::ReentrantScoped_lockScoped_lock::_StructuredWorkstd::error_condition::error_conditionstd::make_error_code
    • String ID: Start called in invalid state$connection start
    • API String ID: 3011408989-3433216436
    • Opcode ID: 77ac205f601aad659c21eb7144e6c2ac2041dfb3bdd9860df3510aa439b21c73
    • Instruction ID: 4000a5dc1c0dfc7678b15d748d68da0001a1a8cf58208e9ef0465af61c98f43a
    • Opcode Fuzzy Hash: 77ac205f601aad659c21eb7144e6c2ac2041dfb3bdd9860df3510aa439b21c73
    • Instruction Fuzzy Hash: B631FB32A09F85C5EA209B15E4403EAB760FBC9B94F504236EACD87B6ADF3CD154CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA50A9F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
    Download Yara Rule
    APIs
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA50B52
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA50B9D
    • ~.LIBCPMTD ref: 00007FF61FA50BB9
      • Part of subcall function 00007FF61FAE4534: PathRemoveFileSpecW.SHLWAPI ref: 00007FF61FAE4588
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA50BE0
    • ~.LIBCPMTD ref: 00007FF61FA50C09
      • Part of subcall function 00007FF61FAE4604: GetCurrentDirectoryW.KERNEL32 ref: 00007FF61FAE4634
      • Part of subcall function 00007FF61FA1725C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA17287
      • Part of subcall function 00007FF61FA1725C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA17296
      • Part of subcall function 00007FF61FA1725C: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00007FF61FA172BC
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::$EmptyQueue::StructuredWorktype_info::_name_internal_method$CurrentDirectoryFactory::FileFreePathProxyRemoveRetireSpecThread
    • String ID: --load-dir-res
    • API String ID: 3085592015-3949011115
    • Opcode ID: 1b4493b5541d5d60facc7b81252449e8333b20bda797f03b935b6b5f83ba5315
    • Instruction ID: 9c789518ac0575471146bd02d875e9d882918510644c5ce7ee273a787917d988
    • Opcode Fuzzy Hash: 1b4493b5541d5d60facc7b81252449e8333b20bda797f03b935b6b5f83ba5315
    • Instruction Fuzzy Hash: AB31016161CE87E1DA20EB51E8912FEB365FFD0B60F815232E58DC65AAEF6CD505C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABCE38 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
      • Part of subcall function 00007FF61FA6E430: std::make_error_code.LIBCPMTD ref: 00007FF61FA6E45E
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FABCEBD
    • std::make_error_code.LIBCPMTD ref: 00007FF61FABCED3
      • Part of subcall function 00007FF61FAC5A4C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A6A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_std::error_condition::error_conditiontype_info::_name_internal_method
    • String ID: asio handle_accept$asio::handle_accept
    • API String ID: 2268868255-2137090272
    • Opcode ID: fc80d386c30fa5f4f5552b54607e96d2ef50e8a1cc2d1d6239338d659676d20b
    • Instruction ID: f1b739783f5948b14c68834b1eba83e1021873aa5841f70adf385ad592036e21
    • Opcode Fuzzy Hash: fc80d386c30fa5f4f5552b54607e96d2ef50e8a1cc2d1d6239338d659676d20b
    • Instruction Fuzzy Hash: AD211062A1CFC6C1EA20DB21E4413BA7361FBC5B94F909231E6CD96A5ADF3CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE18B4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: .\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-2808486971
    • Opcode ID: 6dc58675d23ffb1fb02b1f1a5aae441175f848e52df57e82897b6814aad220cc
    • Instruction ID: c2cebf3f69818ac37e4af2334979ede239541bf923302a181556a5adfcd7e768
    • Opcode Fuzzy Hash: 6dc58675d23ffb1fb02b1f1a5aae441175f848e52df57e82897b6814aad220cc
    • Instruction Fuzzy Hash: 9F21122261CD82D1DB50EB21F4510AAA361FFD5BA4F804232F68EC396ADE6CD515CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA611F8 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 48COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF61FA61265
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA3DCCC: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3DDBB
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::ContextExceptionFileHeaderIdentityQueueRaisechar_traits
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$cannot use key() for non-object iterators$m_object != nullptr
    • API String ID: 1969640963-3969524006
    • Opcode ID: 5cb6af82a02c984155dfc97cb2bb0412b6e329a14346b817fac1b3d3257be410
    • Instruction ID: ebf368d6f055fde9ca70db7c3d78687d3ddd7f2bb7d773b30babf65d6adbcac6
    • Opcode Fuzzy Hash: 5cb6af82a02c984155dfc97cb2bb0412b6e329a14346b817fac1b3d3257be410
    • Instruction Fuzzy Hash: 35215C21A0DF8B80EA20EB25E4513BA6360FB86FA4F805132E58DC37A6DF2CE105D701
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA6171C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Mailbox
    • String ID: ((x.f << delta) >> delta) == x.f$D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$delta >= 0
    • API String ID: 1763892119-1299833480
    • Opcode ID: b8d3dc2bb9b611153053a9520b213c61033476fb0e58c716018ef8edd32b14d7
    • Instruction ID: 42cebe808b38e234f49ece004b971411cc4740b0de6043dd8829b3528dc3fa0e
    • Opcode Fuzzy Hash: b8d3dc2bb9b611153053a9520b213c61033476fb0e58c716018ef8edd32b14d7
    • Instruction Fuzzy Hash: 6E11E776718B858BDB20DB59F49006AB7A0F7C9BA4F404525FA8D83B69CF6CD644CF40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD8710 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$std::error_condition::error_condition
    • String ID: }
    • API String ID: 2527301759-4239843852
    • Opcode ID: 59ed307ba8ce2364fcb8529e4c7ba259558a09f24d617031a644f960085f1224
    • Instruction ID: 99d9a84c70dc25ea9e13ee5ef4bca8289575a088c8f6879dddafd5b904459a33
    • Opcode Fuzzy Hash: 59ed307ba8ce2364fcb8529e4c7ba259558a09f24d617031a644f960085f1224
    • Instruction Fuzzy Hash: B8110D2290C982C1D620DA15E44023EB774EBD1BA4F200631FBCD86AADCF6DD5518B04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAE17EC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: .\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-2808486971
    • Opcode ID: a395902c3cd04cf8659e7ac388f8991b2a88273303a12fad30795c4205639ae6
    • Instruction ID: d4923918ddbdb756673eab33228e64d3fb79fb0083b3630f5964130fccba0d1b
    • Opcode Fuzzy Hash: a395902c3cd04cf8659e7ac388f8991b2a88273303a12fad30795c4205639ae6
    • Instruction Fuzzy Hash: 7211422261CD42D1DB50EB25E4510EE7770FFD1B94F900232F68EC29AADE2DD645CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA30220 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-270546399
    • Opcode ID: 872901e1330623c4c382abca67d306b9e33f41273603444cb925c8d1010d3f23
    • Instruction ID: 77388da6f197eeda715eeb60f0d383e928f8e97aab1e8520f781906f55472ff3
    • Opcode Fuzzy Hash: 872901e1330623c4c382abca67d306b9e33f41273603444cb925c8d1010d3f23
    • Instruction Fuzzy Hash: C911722261CD42D1EB50EB25E4510EFA770FFD1B94F900232F68EC29AADE2DD605CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA30158 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-270546399
    • Opcode ID: 7be5f658c828813d7de2d890e53ec8abdbd27b35afd51bc5c3952397b3044c94
    • Instruction ID: 0a38925f7da8313fce0f312914a8d00f38acbed0285b1991fe49d03855d39d94
    • Opcode Fuzzy Hash: 7be5f658c828813d7de2d890e53ec8abdbd27b35afd51bc5c3952397b3044c94
    • Instruction Fuzzy Hash: 9911422261CD82D1DB50EB25E8510EE6770FFD1B94F904232F68EC29AADE2DD645CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA30090 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-270546399
    • Opcode ID: 76b2ad3193d35cd01b9ad72393f140d7b07dbfd49b6a052734a727023440c064
    • Instruction ID: d5eaf76c94ad694a98ee23bf7a588afa19baa3d16d85b11bb99ec4c7e8e44ac6
    • Opcode Fuzzy Hash: 76b2ad3193d35cd01b9ad72393f140d7b07dbfd49b6a052734a727023440c064
    • Instruction Fuzzy Hash: 9511422271DD82D1DB50EB25E8510EE6770FFD1B94F904232F68EC29AADE2DD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA2FFC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-270546399
    • Opcode ID: 25c77bd9d122db319ac0afb5daf89b31684a70e8477722efabaac7e9f0f1c770
    • Instruction ID: 235dc964c735f771d0920c81e4c8241326e20f9803a66bfd55477d79c0cdf24e
    • Opcode Fuzzy Hash: 25c77bd9d122db319ac0afb5daf89b31684a70e8477722efabaac7e9f0f1c770
    • Instruction Fuzzy Hash: F2114F2261CD42D1EB50EB25F8910EA7770FFD1B94F904232F68EC29AADE2DD645CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA2C0AC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-270546399
    • Opcode ID: bc9c2e04f853e0fe817aaa96fd6b2bdc4f6e8dbfeb5f1c16bc173a5f8ad1be21
    • Instruction ID: 3ef3abb1e4dd1b922f2ed3b15642501590f13934bf037317642e403e01cdeb76
    • Opcode Fuzzy Hash: bc9c2e04f853e0fe817aaa96fd6b2bdc4f6e8dbfeb5f1c16bc173a5f8ad1be21
    • Instruction Fuzzy Hash: 8E01561171CD82D1EB50E721E8510EE6361FFD4BA4F841232F58FC65AADE2DD605C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA2C004 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-270546399
    • Opcode ID: 88e53db9f536ee3f9b2e7a1067f2b58aa93e2b3cc76024f00984ea377ffde455
    • Instruction ID: 06efe4eb506ef4906468f3b7c3e713f3953bf7f50ee4ce421cd4a5a3f703ad5f
    • Opcode Fuzzy Hash: 88e53db9f536ee3f9b2e7a1067f2b58aa93e2b3cc76024f00984ea377ffde455
    • Instruction Fuzzy Hash: 9801302271CD8291EB50E721E8510EE6361FFD0BA4F845232F18FC69AAEE2DD605C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA2BF5C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocateConcurrency::details::_SchedulerScheduler::_allocator
    • String ID: D:\a\neutralinojs\neutralinojs\lib/json/json.hpp$obj != nullptr
    • API String ID: 456131881-270546399
    • Opcode ID: 3e7ca6c6a9a18bf2670c6d8eec29e397db6cdd7629c2c8fc736f2f8d112015b9
    • Instruction ID: d1371eb23b513599562b72242470bbc54848333e9768eaa73bccaec73bdddbb6
    • Opcode Fuzzy Hash: 3e7ca6c6a9a18bf2670c6d8eec29e397db6cdd7629c2c8fc736f2f8d112015b9
    • Instruction Fuzzy Hash: 06013012728D8291EB50E721E8510FE6361FFD0BA4F841232F58FC69AAEE2DD605C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFC108 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AddressHandleModuleProc
    • String ID: SystemParametersInfoW$user32.dll
    • API String ID: 1646373207-3640902589
    • Opcode ID: 642d3f3d6deb36366b2503195796ec7a190867fdc0c7f1894e04066bf97f96c4
    • Instruction ID: 3e97475c173c88b45a60165b209db8d1c93df828559c9f77c66b5177038ea738
    • Opcode Fuzzy Hash: 642d3f3d6deb36366b2503195796ec7a190867fdc0c7f1894e04066bf97f96c4
    • Instruction Fuzzy Hash: 26015232A1CF4596E760DB11F44436AB3A5FB85BA4F404235E68E877A4DF3CC294CB04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFC7F8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Window$Long
    • String ID: 4
    • API String ID: 847901565-4088798008
    • Opcode ID: 0703cdbda0ae148ef5d98e224e8c4f4782ffdc7209cbd7e2ecf53c1d9cd9170c
    • Instruction ID: 2dfa45b5ebf9c7009774d31d5d900ad389648cadf4bd09ec43bf331287c0bbe1
    • Opcode Fuzzy Hash: 0703cdbda0ae148ef5d98e224e8c4f4782ffdc7209cbd7e2ecf53c1d9cd9170c
    • Instruction Fuzzy Hash: D11178B4A1CD428AE758DB2AF84092677B1AF89FA4F504135D80DC7765CF3CB845AB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA01F42 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: DebugOutputString
    • String ID: WebView2: skipped an incompatible version
    • API String ID: 1166629820-36545633
    • Opcode ID: f06205a931593633ae00f4cedc3c792846ed46b532015c7da43f99cb78561f91
    • Instruction ID: 17156e09da5822d69c5119a96f148d018707c8928d5ff8337d3148e5139cc1f3
    • Opcode Fuzzy Hash: f06205a931593633ae00f4cedc3c792846ed46b532015c7da43f99cb78561f91
    • Instruction Fuzzy Hash: E1F01722F19D5682FF15AB26B9800B81791AF55FB5B904532C90EC7291DE6CA886C750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB15680 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31synchronizationCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CallCloseCreateDecorator::getEventHandleIndexMessageObjectPostSingleThreadWait
    • String ID: WindowClosedEvent
    • API String ID: 1950244861-1475311412
    • Opcode ID: 7fa0b46490b5c649399ec92a28031f3158be1ef0e47604eb5c554db207b0c6da
    • Instruction ID: 2a4117703bdef903f8425ae9cfc486b06212aaa9fc62b3e35f5d9918b14fd6dd
    • Opcode Fuzzy Hash: 7fa0b46490b5c649399ec92a28031f3158be1ef0e47604eb5c554db207b0c6da
    • Instruction Fuzzy Hash: 5C01C976618E8596EB70DB15F44076AB770FBCAB94F405136EA8E82B69CF3CD1548B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFC058 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AddressHandleModuleProc
    • String ID: RtlGetNtVersionNumbers$ntdll.dll
    • API String ID: 1646373207-1263206204
    • Opcode ID: 6c43084e96b3f9b4c909224e92c0b76170ee533abe0b65deaa3d3fc0ac8e2050
    • Instruction ID: 047e270c721fecdcdf34267ec524d74eebcd39561c1685ebfe04df770ac92a5e
    • Opcode Fuzzy Hash: 6c43084e96b3f9b4c909224e92c0b76170ee533abe0b65deaa3d3fc0ac8e2050
    • Instruction Fuzzy Hash: A801DA36918E81C2D761DB15E44435A73B0F784B64F401221F68E86A68DF3CD645CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFCC48 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Window$Long
    • String ID: 7
    • API String ID: 847901565-1790921346
    • Opcode ID: a93caf3acb081bd22e7e65b7456d86ebeb9afcce922681b01133695171a3af92
    • Instruction ID: eedc0da20421c2aeb3a676f598d763378f850f1c0aeccee0d4d52fd5f7c65547
    • Opcode Fuzzy Hash: a93caf3acb081bd22e7e65b7456d86ebeb9afcce922681b01133695171a3af92
    • Instruction Fuzzy Hash: B4F0F975A18D8187E360DB29E855A1A77B1FBC6B68F200235EA5D87AA8CF3DD4058F00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB5C8E8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20synchronizationthreadCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CurrentObjectSingleThreadWait
    • String ID: lib/efsw/src/efsw/platform/win\ThreadImpl.cpp$mThreadId != GetCurrentThreadId()
    • API String ID: 1728940165-3737595965
    • Opcode ID: f0b2c0b0d0046fdfa61550e53a7aaadbf9374b489b8911e9d807dc668ccd040f
    • Instruction ID: 09f20f47a5da350e052dbee7318a118a688d057f7251becca544f8946895a7f2
    • Opcode Fuzzy Hash: f0b2c0b0d0046fdfa61550e53a7aaadbf9374b489b8911e9d807dc668ccd040f
    • Instruction Fuzzy Hash: 92F01C21A28E4681EB609F6AE8807292361FBC2FA4F905132E55EC26A4DF3CD445CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA38484 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AllocErrorLaststd::error_condition::error_condition
    • String ID: tss
    • API String ID: 2631198021-1638339373
    • Opcode ID: a10ba526f5920862028a5de891e67253d5ba388af29a31f3900ab35dffeb6e83
    • Instruction ID: 95e1a57191d7cb576e505c06fa24269fd3597e8d6fec20e686d981393934a793
    • Opcode Fuzzy Hash: a10ba526f5920862028a5de891e67253d5ba388af29a31f3900ab35dffeb6e83
    • Instruction Fuzzy Hash: 1BF0FE7691CA43C6D670EB64E84406A7760FB85B78F400335E6AD826D9DF3CE6058B04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC972C Relevance: 6.3, APIs: 4, Instructions: 293COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$ReaderWriter$Concurrency::details::_LockLock::_Ptr_basestd::error_condition::error_condition
    • String ID:
    • API String ID: 454725395-0
    • Opcode ID: 8b69508d2aa0b711d470c0d25273566752798f4f8e93471f2cc934453a824e33
    • Instruction ID: 65e1ac5eebcdc9a1677da81789b9f345ae5d4645b3d701c56df603eb72ab8083
    • Opcode Fuzzy Hash: 8b69508d2aa0b711d470c0d25273566752798f4f8e93471f2cc934453a824e33
    • Instruction Fuzzy Hash: 0AE1C97660DAC2C5EA60EB26E4513EEB760EBC5B90F504132EACD87B5ADF2DD445CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB55728 Relevance: 6.2, APIs: 4, Instructions: 180COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ByteCharConcurrency::details::EmptyMultiQueue::StructuredWideWork$char_traitstype_info::_name_internal_method
    • String ID:
    • API String ID: 1659218469-0
    • Opcode ID: a8d6b2b1ebc8342bbd037dd929f5a861ff1f823bad72630caea44ac3fe223ea9
    • Instruction ID: 017f6d7b971cd6bbca4f70ffc6108419d2d1019fb871ae0cec9037b9c4dabb4f
    • Opcode Fuzzy Hash: a8d6b2b1ebc8342bbd037dd929f5a861ff1f823bad72630caea44ac3fe223ea9
    • Instruction Fuzzy Hash: DAA1C836608BC585EB60DB15E4913AAB7A1FBC9BA4F404136EA8D87B69DF7CD444CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA343F0 Relevance: 6.2, APIs: 4, Instructions: 161COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: fpos
    • String ID:
    • API String ID: 1083263101-0
    • Opcode ID: 694abdc781903485c70c9211209154ace9e868096717bd0ed986b9c761064441
    • Instruction ID: 8f4299ed23d3872b8af0cbf91a9113cc73cc187066227802f024c71f67a600bd
    • Opcode Fuzzy Hash: 694abdc781903485c70c9211209154ace9e868096717bd0ed986b9c761064441
    • Instruction Fuzzy Hash: 8B81A926A1CF85C6DAB0DB55E45136AA3A4F784BA4F104235EADEC7B99DF3CD844CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB2D0B8 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ListSafe$Base::Concurrency::details::ContextIdentityQueueWork
    • String ID:
    • API String ID: 343172695-0
    • Opcode ID: 14429f4b6092368819f82e208a765b5e75bea81ccc56293610dbb6a844a776f9
    • Instruction ID: d25450cc5b223e462204d8c4687204d5292e52f41af55154d58e45d1de67a955
    • Opcode Fuzzy Hash: 14429f4b6092368819f82e208a765b5e75bea81ccc56293610dbb6a844a776f9
    • Instruction Fuzzy Hash: 22411E6261CEC691DB70DB21E4552EEB360FBC5B90F404132E68D87A6ADF3DD145CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB601D0 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfoLocinfo::~_Lockit::_Lockit::~_
    • String ID:
    • API String ID: 3791735636-0
    • Opcode ID: dc2ca3708b05ba29cb47d6c066ecfc4fc5a7c7da6517645470d526dc00fdea3d
    • Instruction ID: 2bcd689da61e75fd55be51d028959b9cad4719a4f07643cd3c5c25a2f9418c7a
    • Opcode Fuzzy Hash: dc2ca3708b05ba29cb47d6c066ecfc4fc5a7c7da6517645470d526dc00fdea3d
    • Instruction Fuzzy Hash: 06417922A18F8582EB28DB62E4902697771FB89FE4F044532DE4D87B69DF3CD951C340
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA1158C Relevance: 6.1, APIs: 4, Instructions: 93COMMONLIBRARYCODE
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA06FA0: _Byte_length.LIBCPMTD ref: 00007FF61FA07015
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA11649
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA11672
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA116AA
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA116D6
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_lengthConcurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 671395144-0
    • Opcode ID: 5328f4c0dde5b647de4d8f38cdb2c05a12117d28ddee70c4172a44cec8e59254
    • Instruction ID: 2a56f4a05c91bab918c5eaf0b78e35826c59429339bac910ab0cfc2d50820ac3
    • Opcode Fuzzy Hash: 5328f4c0dde5b647de4d8f38cdb2c05a12117d28ddee70c4172a44cec8e59254
    • Instruction Fuzzy Hash: E441D13260DE8281DA20EB25E4513EEB7A0FBC5B94F400236E6CD83B6ADF2CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB5C624 Relevance: 6.1, APIs: 4, Instructions: 91COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetModuleFileNameW.KERNEL32 ref: 00007FF61FB5C67A
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB5C688
      • Part of subcall function 00007FF61FB4B028: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF61FB4B08F
      • Part of subcall function 00007FF61FB4B598: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF61FB4B601
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB5C7F4
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB5C810
      • Part of subcall function 00007FF61FA16578: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA16593
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Decorator::getTableType$FileModuleName
    • String ID:
    • API String ID: 103266882-0
    • Opcode ID: de718ea77233b4191b62e263dd4d3ed66d436d6305e34543c7d944ad42ac548a
    • Instruction ID: f58881afbbe544f367ef276ec5da43bc023b0b09559c5b01b1f01f28b3f3b2ed
    • Opcode Fuzzy Hash: de718ea77233b4191b62e263dd4d3ed66d436d6305e34543c7d944ad42ac548a
    • Instruction Fuzzy Hash: ED41B136608FC591DAB0DB15E4913EAB3A4FBC5790F804126EACD82B69DF7CD549CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB0DF98 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::ReentrantStructuredWork$Concurrency::details::_LockLock::_bool_shared_ptr
    • String ID:
    • API String ID: 1894667587-0
    • Opcode ID: 7839923915b54ccd444017b99e60d40729f2a88542ddae82a6a104defc2b9fca
    • Instruction ID: bfe2ddf745f70e456a5208a23bbf3ec7aa83f59ed56e8fe17a25ad9dc14f8bac
    • Opcode Fuzzy Hash: 7839923915b54ccd444017b99e60d40729f2a88542ddae82a6a104defc2b9fca
    • Instruction Fuzzy Hash: E041E52261DE8181EA70DB55F4813AEA7A0FBC5B90F504136E6CD86BA9DF7DD444CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA113C4 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA067C8: _Byte_length.LIBCPMTD ref: 00007FF61FA0683D
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA1145C
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA11485
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA114BA
    • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF61FA114E3
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_lengthConcurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 671395144-0
    • Opcode ID: a2eabdd9dc5393e67f603c023015b47ffa4236304cd481a36a5720d9b22a706f
    • Instruction ID: eab79fcc979dd3a16ddda114e713e62cfa09fa79b8ef229e48706db4ba4b05bf
    • Opcode Fuzzy Hash: a2eabdd9dc5393e67f603c023015b47ffa4236304cd481a36a5720d9b22a706f
    • Instruction Fuzzy Hash: E541F53260DE8281DA60EB11F4513AEB7B0FBC5BA4F404236E6CD83A6ADE3CD545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA089C4 Relevance: 6.1, APIs: 4, Instructions: 82COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWorkchar_traits$AllocateMax_valueMin_valueallocator
    • String ID:
    • API String ID: 1831785690-0
    • Opcode ID: ed6f7bd1d897954e5f091512b997b9bdb1f5d8a4f886c515aace05bc489731b0
    • Instruction ID: 41b09db3d4a85e734e3ba44ed20f579f9b2bcc791577ce59a0ac22465995a075
    • Opcode Fuzzy Hash: ed6f7bd1d897954e5f091512b997b9bdb1f5d8a4f886c515aace05bc489731b0
    • Instruction Fuzzy Hash: 5D41BC2661DF45C1DA20DB16F45016EB7A1FBD9BA4F100225FACE87B6ADE2CD5408B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB050C8 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ByteCharMultiReentrantWide$Concurrency::details::Concurrency::details::_EmptyLockLock::_Queue::StructuredWorkchar_traits
    • String ID:
    • API String ID: 2978744935-0
    • Opcode ID: d04af245398bf49d9d07626a602a833145bf612da98adbd9976a8eb6ea1b5628
    • Instruction ID: 4d7de431575c68919cbaf38710074aedff615f776157c27812f1adb56ee929e1
    • Opcode Fuzzy Hash: d04af245398bf49d9d07626a602a833145bf612da98adbd9976a8eb6ea1b5628
    • Instruction Fuzzy Hash: 66310232618A8586D760EB15E4902AEB7B1FBC5B90F505136F68EC7AA9DF3CD8448B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAB913C Relevance: 6.1, APIs: 4, Instructions: 68COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code
    • String ID:
    • API String ID: 3515428489-0
    • Opcode ID: faf373788893a7c9efa5d519477a8325277258e667705f96d1e9e70bd9fb347e
    • Instruction ID: 07cccaf68c8da010645617473f9bb72e2ba68246fb767abfb83cc44aa806c9f5
    • Opcode Fuzzy Hash: faf373788893a7c9efa5d519477a8325277258e667705f96d1e9e70bd9fb347e
    • Instruction Fuzzy Hash: C9314F22E0CAC5C1E6219B25E4512BE7760FBD4F54F50D232EACEC26A6DF2CD585D700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA14A84 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
    Download Yara Rule
    APIs
    • shared_ptr.LIBCMTD ref: 00007FF61FA14AD0
      • Part of subcall function 00007FF61FA13994: _Ptr_base.LIBCMTD ref: 00007FF61FA139A2
    • UnDecorator::getCallIndex.LIBCMTD ref: 00007FF61FA14AE2
      • Part of subcall function 00007FF61FA15664: std::_Mutex_base::_Mutex_base.LIBCONCRTD ref: 00007FF61FA15674
      • Part of subcall function 00007FF61FA157CC: shared_ptr.LIBCMTD ref: 00007FF61FA157F1
      • Part of subcall function 00007FF61FA148CC: std::condition_variable::condition_variable.LIBCONCRTD ref: 00007FF61FA148E2
      • Part of subcall function 00007FF61FA148CC: UnDecorator::getCallIndex.LIBCMTD ref: 00007FF61FA148F3
      • Part of subcall function 00007FF61FA148CC: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1492B
    • Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack.LIBCPMTD ref: 00007FF61FA14B54
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA14BAE
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CallConcurrency::details::CreationDecorator::getEmptyIndexQueue::StructuredTaskWorkshared_ptr$CallstackCallstack::_Concurrency::details::_Mutex_baseMutex_base::_Ptr_basestd::_std::condition_variable::condition_variable
    • String ID:
    • API String ID: 1362007504-0
    • Opcode ID: 6e7c892f0b6c616ed43e5b681bb13cf483d3d4f8dd00b52c0d9bdcca4c3f85a0
    • Instruction ID: 7d31c59cf8f0e4c0781195950a19668b0fe151f6756ba5604ca2a4a6820cef09
    • Opcode Fuzzy Hash: 6e7c892f0b6c616ed43e5b681bb13cf483d3d4f8dd00b52c0d9bdcca4c3f85a0
    • Instruction Fuzzy Hash: F631A526A1DF85C2DA10DB2AE49135AB7A0FBC5B94F655225EBCD47B69CF3CC0118B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA01119 Relevance: 6.1, APIs: 4, Instructions: 65COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ErrorFileLastModuleName
    • String ID:
    • API String ID: 2776309574-0
    • Opcode ID: 9c51cd2129b73a2c44f857c22995b777653dcadb0bd74866323a7d2da5e3eee3
    • Instruction ID: 1de63034daad1a6d6c92aa7107df76361c0bca3aa7518cb2c9a790a5af9e6d4b
    • Opcode Fuzzy Hash: 9c51cd2129b73a2c44f857c22995b777653dcadb0bd74866323a7d2da5e3eee3
    • Instruction Fuzzy Hash: 59112E10B1DA2386FE68A67329912BD03C15F8AFF0F504638DC4ECBB96DDADA5434306
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB56058 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8455489dbd9890829cd4251edf2afaeec2d4e596356beae4302f7ed15a58225f
    • Instruction ID: 78d68a65a9a80991262ac5c6f5147560e51466e096f2be47664c2ef5ad1afb1b
    • Opcode Fuzzy Hash: 8455489dbd9890829cd4251edf2afaeec2d4e596356beae4302f7ed15a58225f
    • Instruction Fuzzy Hash: B131D676608A4586DB20DF15E49022AB7B1F7CAFA4F644125EB8D837B5CF3ED945CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB995C8 Relevance: 6.1, APIs: 4, Instructions: 60threadCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CloseCreateErrorFreeHandleLastLibraryThread
    • String ID:
    • API String ID: 3065451008-0
    • Opcode ID: c449ff6041592ea269df7a7d0bf986da82183d152634e8fe79f758e7d8afcb3f
    • Instruction ID: 1abd6ebce46cf6846e78501d212b14b6e84571fa6fbf0da23ea5de3caba4fd22
    • Opcode Fuzzy Hash: c449ff6041592ea269df7a7d0bf986da82183d152634e8fe79f758e7d8afcb3f
    • Instruction Fuzzy Hash: A1213EA5A09F4386EF65DF66A810179A3A4BF9AFE4F084531EE5E83755DE3CE4008B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB602C4 Relevance: 6.1, APIs: 4, Instructions: 58COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Yarnstd::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskLocinfoLocinfo::_Locinfo::~_Locinfo_ctorstd::bad_alloc::bad_alloc
    • String ID:
    • API String ID: 3663429535-0
    • Opcode ID: 7a40ec82af45e7394717ff97a4871fe7cf0e4dbf3ded7a2dc6e23c4145f5c0b2
    • Instruction ID: 02078e32348f4e24024891e485c3fd3a47a705011a0dfbc9853c4f64a13087ec
    • Opcode Fuzzy Hash: 7a40ec82af45e7394717ff97a4871fe7cf0e4dbf3ded7a2dc6e23c4145f5c0b2
    • Instruction Fuzzy Hash: FF215E62B09E8692EA70DB22E4502AD6370FF9AFE0F444532DA4D83B65EF3CE555C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB0817C Relevance: 6.1, APIs: 4, Instructions: 56COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$CallDecorator::getIndex
    • String ID:
    • API String ID: 1891894452-0
    • Opcode ID: ae15a27763a81654a64882c5a87387f9c8c5bc0a73319a526f9fc4dc6349b511
    • Instruction ID: 05b8687799c8aff3a02699f9eb043c275a4e5a8c575fdf4556326abc50bd2a13
    • Opcode Fuzzy Hash: ae15a27763a81654a64882c5a87387f9c8c5bc0a73319a526f9fc4dc6349b511
    • Instruction Fuzzy Hash: 5621C362A0DF8682CA10DF0AF89102EB774FBC6B94B500125EA8C83B2ACF7DD5158B04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAAD40C Relevance: 6.1, APIs: 4, Instructions: 54COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Decorator::getTableType$shared_ptr
    • String ID:
    • API String ID: 1434746064-0
    • Opcode ID: d9a48ce297595347852b7542c6b989681911152fe729e24da57381fc0442a5c6
    • Instruction ID: cc49ef2a7f09376b3f4522bca778197b0b7b992ce192b8fcc8fb5a3d13c11d86
    • Opcode Fuzzy Hash: d9a48ce297595347852b7542c6b989681911152fe729e24da57381fc0442a5c6
    • Instruction Fuzzy Hash: 3221E376618F81C6DA609B55E4843AEB7A0FB85B94F400226EACD83BA9DF3CD004CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB55F78 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e8916bf159e9ac9a6f9a3fd06cf6419914563cf430c25d1d1224debb7596430f
    • Instruction ID: ea5865b50899c463129d38defd493c79f0b297ff1b57377af6bb7dbfa358eaa4
    • Opcode Fuzzy Hash: e8916bf159e9ac9a6f9a3fd06cf6419914563cf430c25d1d1224debb7596430f
    • Instruction Fuzzy Hash: 3B21AA76608F8582DA209B19E48022EB770FBC6FA4F614121EB5D877B4CF3DD845CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA35188 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ConditionMask$InfoVerifyVersion
    • String ID:
    • API String ID: 2793162063-0
    • Opcode ID: 2c47f42350ea5d5b982a447d1edfc49a135ea2035072301aae8172b97379bed7
    • Instruction ID: d9d0849b93be7beaf34a8d61fbf5d936bed02aa67713f28cd349d556ac9e5080
    • Opcode Fuzzy Hash: 2c47f42350ea5d5b982a447d1edfc49a135ea2035072301aae8172b97379bed7
    • Instruction Fuzzy Hash: 8A115175A19A8286F770CB60F8153AB67A0FBC9B58F441135D58E87B94CF3DD0068F40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA04EC8 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ConditionMask$InfoVerifyVersion
    • String ID:
    • API String ID: 2793162063-0
    • Opcode ID: e6138556a1efd19b176fcceb808e6667075d0ade27e2476308213030d2da772a
    • Instruction ID: 0772aa39ce8cff67b5c5c1dfb35a741b8790a7c153c91cecd43f925e07d91369
    • Opcode Fuzzy Hash: e6138556a1efd19b176fcceb808e6667075d0ade27e2476308213030d2da772a
    • Instruction Fuzzy Hash: BF115175A19A8186F7709B60F4153AB67A0FBC9B98F041135E58E87B98CF7DD0068B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB0BF68 Relevance: 6.0, APIs: 4, Instructions: 40COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Decorator::get$CallIndexTableType$atomicshared_ptr
    • String ID:
    • API String ID: 1458051566-0
    • Opcode ID: 2725802b0f2372a36bd606e39a6653b27bab0cdbef5edab3ab985289d966b938
    • Instruction ID: da0a0323498f3839f94756b498e1fe1543443ec447d204411abc8ce6c062d670
    • Opcode Fuzzy Hash: 2725802b0f2372a36bd606e39a6653b27bab0cdbef5edab3ab985289d966b938
    • Instruction Fuzzy Hash: 1A119336628E85C2DA60DB15E48115EB7B0FBC9B94F905226FB8E83B69DF7CD514CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA15870 Relevance: 6.0, APIs: 4, Instructions: 39stringCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: strrchr$ConditionMask$InfoVerifyVersion
    • String ID:
    • API String ID: 1653918631-0
    • Opcode ID: 04d254f6ad14689120164e7c12305e668934a0f15d915a5dc5b1dcdbb1d2f5e9
    • Instruction ID: 9fa4a4d25f13a4916e200ba235deb9ec33d0e7b4fdecde723fa30f06f3818935
    • Opcode Fuzzy Hash: 04d254f6ad14689120164e7c12305e668934a0f15d915a5dc5b1dcdbb1d2f5e9
    • Instruction Fuzzy Hash: 7A11032261DAC1C6E7219B26E45026F7BB0EBC9B54F594271EBCCC775ACE2DD9009F10
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA8402C Relevance: 6.0, APIs: 4, Instructions: 36COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA84076
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA8408A
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 1865873047-0
    • Opcode ID: 3d25ebfde4fdf82c013dac3f3ca81c4ab9a5e8704e804c2c51199ff58bb1906e
    • Instruction ID: ea83a10558d4d1a516d0036d142464a4222dd8394fc9011f4649655ebb92e51a
    • Opcode Fuzzy Hash: 3d25ebfde4fdf82c013dac3f3ca81c4ab9a5e8704e804c2c51199ff58bb1906e
    • Instruction Fuzzy Hash: F601123191CEC2C2E7619721E45532EA7A5F7C0B64F500634EA8EC66D5DFBDE4409700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA83F8C Relevance: 6.0, APIs: 4, Instructions: 36COMMON
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA83FD6
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA83FEA
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 1865873047-0
    • Opcode ID: 8b6ba556f6cd6f08e67a73ba508b0e6a0a1d92a67115562793d66651439df852
    • Instruction ID: 3f57053150315e0e5da23d96b350e87746e4ecfa3d95f7d420c9fcb27cb033d2
    • Opcode Fuzzy Hash: 8b6ba556f6cd6f08e67a73ba508b0e6a0a1d92a67115562793d66651439df852
    • Instruction Fuzzy Hash: FE01213191CE86C1E7619711F45537BA7A1FBC0B69F500534EE8AC69E6DFBDE4409700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA09448 Relevance: 6.0, APIs: 4, Instructions: 35COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$allocator
    • String ID:
    • API String ID: 426846764-0
    • Opcode ID: 9cb6827bbfb9900aca744ddb6db2218d2ccb26444e309b92a52cd9a00973674d
    • Instruction ID: 034d97950929228d3ac321e8c54ca6c82e5882100f9d5e8d9bca32ac989027aa
    • Opcode Fuzzy Hash: 9cb6827bbfb9900aca744ddb6db2218d2ccb26444e309b92a52cd9a00973674d
    • Instruction Fuzzy Hash: D101D66291CF81C1DA609B15F44116BB7B5FBC8B90F505222EACD86B6ADF2CD5548B40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA0980C Relevance: 6.0, APIs: 4, Instructions: 34COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$allocator
    • String ID:
    • API String ID: 426846764-0
    • Opcode ID: c33b84d1316d62837a2b4b6d8e53429aff5aa37773a95b87a8511e38d09a3789
    • Instruction ID: d91e64d1587b2f1de62b12b2301c0cb2334b9d80a05b7a624afbde57060f80b8
    • Opcode Fuzzy Hash: c33b84d1316d62837a2b4b6d8e53429aff5aa37773a95b87a8511e38d09a3789
    • Instruction Fuzzy Hash: 7E01F77290CF45C1EA10DB15F44006ABBA1FBC8BD0F505222EACD86BAADF2CE555CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB415EC Relevance: 6.0, APIs: 4, Instructions: 30COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB41617
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB41626
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB4163F
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FB41649
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork
    • String ID:
    • API String ID: 1865873047-0
    • Opcode ID: 2324f0a145ec05bf7227f25c90207abc96f05f63bc1d0391d899ea618f544a6e
    • Instruction ID: 3c3afc649dde717d1ce8ce31d47be7db58df9850257390983585f26fffde2148
    • Opcode Fuzzy Hash: 2324f0a145ec05bf7227f25c90207abc96f05f63bc1d0391d899ea618f544a6e
    • Instruction Fuzzy Hash: A6017522A1CD85C1DA20EB15E85107EB774FBCAB94F200231EBCDC7A6ACE2DD8518B44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FADDFF0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Process$CloseCurrentHandleOpenTerminate
    • String ID:
    • API String ID: 983841585-0
    • Opcode ID: b6fa7324bb47e4de1743f64c795facd413bcc8d7e4357fa86819002bf8cdf8b5
    • Instruction ID: 56c295577c569e7f2b2d894b419e4480d6ec4bd8bbe4d974e9576fd86218851d
    • Opcode Fuzzy Hash: b6fa7324bb47e4de1743f64c795facd413bcc8d7e4357fa86819002bf8cdf8b5
    • Instruction Fuzzy Hash: 3DF0C936608A4086E320EB51E44421AB7B0FBC9B98F504235EACD82B68CF3ED5458B04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAA81E4 Relevance: 6.0, APIs: 4, Instructions: 24COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWorkswap$type_info::_name_internal_method
    • String ID:
    • API String ID: 1925884564-0
    • Opcode ID: 604a8e37bb02c3f48fa5f7f84cb075de9edf9073d67df995e50ff083b4e8316c
    • Instruction ID: e379decef17f52f26bc29a4806509dd0114c9fbbd8d8098be3a012bd201d4e5f
    • Opcode Fuzzy Hash: 604a8e37bb02c3f48fa5f7f84cb075de9edf9073d67df995e50ff083b4e8316c
    • Instruction Fuzzy Hash: C9F0BD62A1CE85C1CA20EB15F45106EB7B4FBC9BD8F404235EACD87B2ADE3CD1518B44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA95898 Relevance: 6.0, APIs: 4, Instructions: 21COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptr$Reentrant$CallConcurrency::details::_Decorator::getIndexLockLock::_Ptr_base
    • String ID:
    • API String ID: 2706355319-0
    • Opcode ID: 73ea0fe5ccd84141d38dd4576006b090cbeac37d29cd34b2f9da22210b701ab0
    • Instruction ID: bcecf1c964c03422523b5628415a9a0fe28a0a95e273fd25587f9616230de093
    • Opcode Fuzzy Hash: 73ea0fe5ccd84141d38dd4576006b090cbeac37d29cd34b2f9da22210b701ab0
    • Instruction Fuzzy Hash: 03E03965A3DB8582DE40EB1AE09652EA330FF81F84F802125FA8E1B716CE3CC0118B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB11F98 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID: bad conversion
    • API String ID: 0-2629740042
    • Opcode ID: 0d5fa81d124730f4ab42eb8fe144e55472ee71772ded6bcc060b614bb0fb55df
    • Instruction ID: 7809328ee5de4f1c813d54b051127dda6c723f1d67203643a2484282a10b51cd
    • Opcode Fuzzy Hash: 0d5fa81d124730f4ab42eb8fe144e55472ee71772ded6bcc060b614bb0fb55df
    • Instruction Fuzzy Hash: 4F91C76260DAC685EA70DB15E4503AEB3B0FB86B90F504532DA8EC3BA9DF2DD454DB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB15CB4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 174COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID:
    • String ID: bad conversion
    • API String ID: 0-2629740042
    • Opcode ID: 1ef3de448d04a9d698edf92ac4899879cc993641e41d8012e4b0f0978f56d2d8
    • Instruction ID: 7c5b19882dd4b16f00df840fc536476e43781b5ac164597af510afb5d4331e7b
    • Opcode Fuzzy Hash: 1ef3de448d04a9d698edf92ac4899879cc993641e41d8012e4b0f0978f56d2d8
    • Instruction Fuzzy Hash: 4F91D63260DAC685EA70DB15E4503AEB7B0FBC5B90F544136EA8E83BA9DF2DD444CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA58E90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 163COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method
    • String ID: unresolved reference token '
    • API String ID: 3713626258-2103110248
    • Opcode ID: e796e04f6151eddb41e6dc19cbf70283f77129590b8cb7e6dc3ee354789d2b15
    • Instruction ID: 5fe219c530d354534234953c450647f327a3cdf43aab73e4a817010c08170973
    • Opcode Fuzzy Hash: e796e04f6151eddb41e6dc19cbf70283f77129590b8cb7e6dc3ee354789d2b15
    • Instruction Fuzzy Hash: A781CF3260DEC2C5DAB0DB15E4542AAB7A1FBC9BA5F400235EA8D87B69DE3CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF7F24 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12DA4: shared_ptr.LIBCMTD ref: 00007FF61FA12DCF
      • Part of subcall function 00007FF61FAF6AD0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FAF6B25
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF80DA
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF8048
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
      • Part of subcall function 00007FF61FAE2420: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF61FAE24D4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWorktype_info::_name_internal_method$Decorator::getTableTypeshared_ptr
    • String ID: *
    • API String ID: 1292913418-2301850246
    • Opcode ID: 4eaf53f9ef651c818785cff93ebe3a5c8ccbe1b87c86b3c8bb906f9c4bbff8a6
    • Instruction ID: 6055af585c15abe7828f7bd48ec9019eebdd640f801d84b9996962762bac6852
    • Opcode Fuzzy Hash: 4eaf53f9ef651c818785cff93ebe3a5c8ccbe1b87c86b3c8bb906f9c4bbff8a6
    • Instruction Fuzzy Hash: CE61E37261DEC5D1EA60EB55E4913EEA3A0FBC5B90F405236E68D87B6ADE3CD504CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA8E5C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: _get_daylight
    • String ID: ?
    • API String ID: 4143689357-1684325040
    • Opcode ID: b1628f2b3c0ea389d05194c5f8ea092f03f1402274f81827ac772289c64eb06b
    • Instruction ID: 898d00bd992e939bb439f5f62b674e6f6e2c895b5a5bf0e12b98084da7dc5622
    • Opcode Fuzzy Hash: b1628f2b3c0ea389d05194c5f8ea092f03f1402274f81827ac772289c64eb06b
    • Instruction Fuzzy Hash: F441F322A18A8296FB74DB25A80137A67E1EF92FB4F144235EE5C86EE5DF3DD4418700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABDC78 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 107COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: shared_ptrstd::make_error_code
    • String ID: asio connection handle_post_init$post_init cancelled
    • API String ID: 1805382672-3139115939
    • Opcode ID: 64bc827d0b50d63b91dc1799f12669828528009e928989a92e0d442bdbf60ff5
    • Instruction ID: d8ba1268022b05cd174862a3717225d09923f378eb895a8f4078ea5b46fa8c47
    • Opcode Fuzzy Hash: 64bc827d0b50d63b91dc1799f12669828528009e928989a92e0d442bdbf60ff5
    • Instruction Fuzzy Hash: D2510F61A0DE86C1EA60EB21E4513BE73A0FFC1B94F408131EACDC7B9ADE2CD4158B44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FBA3FF4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    • Opcode ID: aaf975220350eb79afdb3f9ba174f348805acff6298b9fd755d8aea34cc64695
    • Instruction ID: 688cf16098517e4e8b4adfc4c42cbefdbafd060eba040c1e2151661e1e74abfa
    • Opcode Fuzzy Hash: aaf975220350eb79afdb3f9ba174f348805acff6298b9fd755d8aea34cc64695
    • Instruction Fuzzy Hash: E8419172A19A8181DB70CF65E4443AA67A0FB99BE4F404031EE4EC7BA8DF7CD441CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAB93B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: char_traitsstd::error_condition::error_conditionstd::make_error_codetype_info::_name_internal_method
    • String ID: Sec-WebSocket-Protocol
    • API String ID: 3370376516-2534753457
    • Opcode ID: 0bbf7930653d6377fc0f89965fe874489f63781d1a1b80c50c234f3603611481
    • Instruction ID: c1a7a35a8fab38bdb22db3618a4ab6398b5ffcc15bd4e6afec5eef343f4f5841
    • Opcode Fuzzy Hash: 0bbf7930653d6377fc0f89965fe874489f63781d1a1b80c50c234f3603611481
    • Instruction Fuzzy Hash: E8413D7161CE86D1EA60DB11E4513BE77A0FBC5B94F805632E5CEC6AAADF2CD509CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA4DA58 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97COMMON
    Download Yara Rule
    APIs
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA4DB28
    • Concurrency::cancellation_token::_FromImpl.LIBCPMTD ref: 00007FF61FA4DBB0
      • Part of subcall function 00007FF61FA3D9A8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3DA97
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::cancellation_token::_ExceptionFileFromHeaderImplRaisetype_info::_name_internal_method
    • String ID: excessive object size:
    • API String ID: 650978909-3718820671
    • Opcode ID: 3de8a3f8537c3396bc2674960429b5b6dc531ee5296169ba4416232732860414
    • Instruction ID: fdfac95884f9fecb7c96dcc2b419d1531c181ca759e23a490116bb519bebb7b9
    • Opcode Fuzzy Hash: 3de8a3f8537c3396bc2674960429b5b6dc531ee5296169ba4416232732860414
    • Instruction Fuzzy Hash: 6541E872619F8581DA60DB15E4513EEB7A0FBC9BA4F404232E6CD87BAADF6CD055CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA4D6E8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97COMMON
    Download Yara Rule
    APIs
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA4D7B8
    • Concurrency::cancellation_token::_FromImpl.LIBCPMTD ref: 00007FF61FA4D840
      • Part of subcall function 00007FF61FA3D9A8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3DA97
      • Part of subcall function 00007FF61FB83410: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB83454
      • Part of subcall function 00007FF61FB83410: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF61FB821FF), ref: 00007FF61FB8349A
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::cancellation_token::_ExceptionFileFromHeaderImplRaisetype_info::_name_internal_method
    • String ID: excessive array size:
    • API String ID: 650978909-2345381964
    • Opcode ID: 4c426394b4b11002943c3df37b8a322b6e18bbfa94d7f68f2a372d13cea7f55f
    • Instruction ID: 45829ef4cdd6272ee949446a196b30de53ff1896388989aa60c125b6e0f5232f
    • Opcode Fuzzy Hash: 4c426394b4b11002943c3df37b8a322b6e18bbfa94d7f68f2a372d13cea7f55f
    • Instruction Fuzzy Hash: 8D41E672619F8581DA60DB15E4513EEB7A0FBC9BA4F404232E6CD87BAADF2CD055CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABCC44 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code
    • String ID: )
    • API String ID: 3515428489-2427484129
    • Opcode ID: a472c1c47a7706cfa1c36f3e1399a2eb7136b6d6bd99fa084d8e67e616972db0
    • Instruction ID: cbec317afae95028936316684c5377cba4dec69a3205b0ce64db957ec7a9c05d
    • Opcode Fuzzy Hash: a472c1c47a7706cfa1c36f3e1399a2eb7136b6d6bd99fa084d8e67e616972db0
    • Instruction Fuzzy Hash: 39413236A1CE85C6EA609A25E44076A7BA1FBD1BB4F104735E69DC7AE9CF3CD441CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAF5604 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF57B4
    • type_info::_name_internal_method.LIBCMTD ref: 00007FF61FAF57F8
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
    • String ID: extensions$name
    • API String ID: 1744367693-1311653554
    • Opcode ID: f030a8a16f0d0907e1851435d617b947b65c605fa6f458f79f5337eb72961492
    • Instruction ID: 6771eb6d912cbd13334f84ad04a6a04e6fb3a6c0fd57c40319b9d8ecdd820666
    • Opcode Fuzzy Hash: f030a8a16f0d0907e1851435d617b947b65c605fa6f458f79f5337eb72961492
    • Instruction Fuzzy Hash: E941ED7261DEC2D1DAA0DB15F4502EEB364EBC5750F805132E6CDC6A6AEE6CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA3DAE8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA4ABD4: Concurrency::cancellation_token::_FromImpl.LIBCPMTD ref: 00007FF61FA4AC13
      • Part of subcall function 00007FF61FA4ABD4: Concurrency::cancellation_token::_FromImpl.LIBCPMTD ref: 00007FF61FA4AC48
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA3DC63
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::cancellation_token::_Concurrency::details::EmptyFromImplQueue::StructuredWork$char_traits
    • String ID: parse error$parse_error
    • API String ID: 2308148462-1820534363
    • Opcode ID: 6dd169056513b08aa5f73902130611862fc7875d21d24e026aee220fe7dd4058
    • Instruction ID: 9ccc46d9e26672d8c7a85c41d5c11da6aad6adaa123302b5358cba16171024c4
    • Opcode Fuzzy Hash: 6dd169056513b08aa5f73902130611862fc7875d21d24e026aee220fe7dd4058
    • Instruction Fuzzy Hash: 4141B032619FC5C5DA609B15E8813DAB3A4F7C9BA4F400226EACC83B69DF3CD554CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA68728 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMONLIBRARYCODE
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • allocator.LIBCPMTD ref: 00007FF61FA6877C
      • Part of subcall function 00007FF61FA611D0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF61FA611E8
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA68809
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_SchedulerScheduler::_allocatorchar_traits
    • String ID: serverHeaders
    • API String ID: 2579166689-3102845020
    • Opcode ID: 0443c1721fb15818f056ae7d697badbd10e78859e25d66314d5e3e3018971cdf
    • Instruction ID: 591d821d36974695aafba67dd4eca3809933c707f7a3031071bef966ff04d5e0
    • Opcode Fuzzy Hash: 0443c1721fb15818f056ae7d697badbd10e78859e25d66314d5e3e3018971cdf
    • Instruction Fuzzy Hash: B141D07265DE81D1EA60EB15E4512EEB774FBC5BA0F801232E68DC3A6ADF2CD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAD602C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: CompletionPostQueuedStatus
    • String ID: M'
    • API String ID: 2005739868-2701432540
    • Opcode ID: e3605aeb67910628b94f2ee50d92c70389a2a5141df765c9711ade70d6376df4
    • Instruction ID: 40928d83b65db9262f18005592901a13f02a821e46f510f9ce3b7b9ef8a1e93c
    • Opcode Fuzzy Hash: e3605aeb67910628b94f2ee50d92c70389a2a5141df765c9711ade70d6376df4
    • Instruction Fuzzy Hash: 6F41A17A60CBC5C6DB609B16E48076AB7A1FBC5B94F108126EECC83B69DF3DD4448B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC9E2C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 76COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Ptr_base
    • String ID: D:\a\neutralinojs\neutralinojs\lib\asio\include\asio/impl/cancellation_signal.ipp$handler_
    • API String ID: 897191226-1924066585
    • Opcode ID: 6dbb9828c59fae15f92ff8156623058130d271feb90555a211e884531b538269
    • Instruction ID: 3971519da94192f630098883bba8906e21129c0c289cdffe7d0ff4381e70b981
    • Opcode Fuzzy Hash: 6dbb9828c59fae15f92ff8156623058130d271feb90555a211e884531b538269
    • Instruction Fuzzy Hash: 4941B52661CFC5C1DB619B19E48039ABBA0F7C9B94F548226EACD83B69DF3CD544CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA688C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMONLIBRARYCODE
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA12F1C: char_traits.LIBCPMTD ref: 00007FF61FA12F48
      • Part of subcall function 00007FF61FA12DA4: shared_ptr.LIBCMTD ref: 00007FF61FA12DCF
    • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF61FA6896F
      • Part of subcall function 00007FF61FA16550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA1656B
    • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF61FA689E9
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::$ProcessorProxyRoot::SchedulerVirtual$EmptyQueue::StructuredWorkchar_traitsshared_ptr
    • String ID: extensionId=([\w.]+)
    • API String ID: 372975221-2062901486
    • Opcode ID: fe75a849a9b323edd6f4f2a9b5dc9a5652466906ea3a5efeff904de3e394fe70
    • Instruction ID: dc5a45b055f451b29051754e8997d7cf9494127b07fbfd3d908df1950135e074
    • Opcode Fuzzy Hash: fe75a849a9b323edd6f4f2a9b5dc9a5652466906ea3a5efeff904de3e394fe70
    • Instruction Fuzzy Hash: 0431107261CEC2C1DA20DB25E4513EE77A0FBC5B94F401232E68D83AAADF6DD545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FACC9E6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF61FA173A0: type_info::_name_internal_method.LIBCMTD ref: 00007FF61FA173D4
      • Part of subcall function 00007FF61FA166A0: _Ptr_base.LIBCMTD ref: 00007FF61FA166AE
    • shared_ptr.LIBCMTD ref: 00007FF61FACCD40
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    • std::make_error_code.LIBCPMTD ref: 00007FF61FACCC4E
      • Part of subcall function 00007FF61FAC5A4C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A6A
    • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF61FACCC5C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::Concurrency::details::_CriticalLock::_ProcessorProxyPtr_baseReentrantRoot::SchedulerScoped_lockScoped_lock::_Virtualshared_ptrstd::error_condition::error_conditionstd::make_error_codetype_info::_name_internal_method
    • String ID: Bad request: failed to parse uri
    • API String ID: 4223512716-992921728
    • Opcode ID: 3dda577189fbc06e78143d671bc0f1c50108551bae778517efefe0c05647f5b6
    • Instruction ID: 08953abfb96c8531233769d34c94105d410aba9fb9ea7888d90a676db5fe55f9
    • Opcode Fuzzy Hash: 3dda577189fbc06e78143d671bc0f1c50108551bae778517efefe0c05647f5b6
    • Instruction Fuzzy Hash: 1A312962A08FC581EA70EB15E8553EF6360FFC5B91F804131DA8D87B9AEE3CD1028B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAC12D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::make_error_code$std::error_condition::error_condition
    • String ID: asio handle_timer
    • API String ID: 2527301759-3896293963
    • Opcode ID: b77d159baec1bb8d414373d99e6d9e53ae1ebb1383b3b4b77986acee4d141a1e
    • Instruction ID: c583f6d89150edaa9e1860ce50aaff8748f16e89e97ba0113759c2e47f53008f
    • Opcode Fuzzy Hash: b77d159baec1bb8d414373d99e6d9e53ae1ebb1383b3b4b77986acee4d141a1e
    • Instruction Fuzzy Hash: C921EC61A1DE82C4E660EB11E4913BE6360FBC5BA4F904231E6CDC7B9ACF2CD545CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAA4E93 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Find_elemshared_ptrtype_info::_name_internal_method
    • String ID: 0123456789ABCDEFabcdef-+Xx
    • API String ID: 3512024561-2799312399
    • Opcode ID: 3bf5c45372c996a300e11e6673d0dcdd21d7224594d4ae378f0fdc34cd304e23
    • Instruction ID: 443211919004b651fbed9740a27dab44790e33176535fe1e65b401e7c244ec8d
    • Opcode Fuzzy Hash: 3bf5c45372c996a300e11e6673d0dcdd21d7224594d4ae378f0fdc34cd304e23
    • Instruction Fuzzy Hash: 53212F2251DEC1C4D6619B25E4902BEBBA4E785F94F405132FACEC7B6ADF2CD145CB10
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FABD854 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49COMMON
    Download Yara Rule
    APIs
    • std::make_error_code.LIBCPMTD ref: 00007FF61FABD8BF
      • Part of subcall function 00007FF61FAC5A1C: std::error_condition::error_condition.LIBCPMTD ref: 00007FF61FAC5A3A
      • Part of subcall function 00007FF61FAD9210: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF61FAD922F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_std::error_condition::error_conditionstd::make_error_code
    • String ID: asio async_write$handle_async_write called with null write handler
    • API String ID: 2934437415-1538545544
    • Opcode ID: 6884ade1b7d2e0da8d738f30c34185053eff00249cf15d84570de54b59dda15e
    • Instruction ID: 3357d6a7bf5b6362941dfe1c1bb3a22f4fea65600d609861d5d9e159af8b1519
    • Opcode Fuzzy Hash: 6884ade1b7d2e0da8d738f30c34185053eff00249cf15d84570de54b59dda15e
    • Instruction Fuzzy Hash: 2B113E6290CF86C1EA10EB11E4512AA7760FFC5B94F504231E6CD877AADE3CE545CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA4DDEC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF61FA4DE0E
      • Part of subcall function 00007FF61FB5DAB4: std::bad_exception::bad_exception.LIBCMTD ref: 00007FF61FB5DAC0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: Concurrency::details::EmptyQueue::StructuredWorkstd::bad_exception::bad_exception
    • String ID: invalid stoi argument$stoi argument out of range
    • API String ID: 3956409420-1606216832
    • Opcode ID: 1c2c8acd3979e7586b084c16c2bd6f4f14fb8ebb28e5c75e5b4c42278ceac4a8
    • Instruction ID: 13c40d1d4c281fc7bde6898ff77957b7b37a01cccd6f86ec58b9334fc271622c
    • Opcode Fuzzy Hash: 1c2c8acd3979e7586b084c16c2bd6f4f14fb8ebb28e5c75e5b4c42278ceac4a8
    • Instruction Fuzzy Hash: 3211163261CE81C5DA60DB15E49122EBBA0FBC8BA4F400131F68D83B69DF3CD550CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB143F8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: ErrorInfoshared_ptr
    • String ID: RoOriginateLanguageException$combase.dll
    • API String ID: 1212749161-3996158991
    • Opcode ID: ed0300733706c685f9ea81c63fb27a78bd087b02c33aa899fe094ae62a34a18a
    • Instruction ID: 38726202ae0dc61c3acd170c94169e9fab81ceaed8236272e4e8ad316ab45099
    • Opcode Fuzzy Hash: ed0300733706c685f9ea81c63fb27a78bd087b02c33aa899fe094ae62a34a18a
    • Instruction Fuzzy Hash: F8018862A1CD4691DA20EB14F4510AE7771FF997A4F904036E58DC367ADE7CD205CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FAFC19C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: AddressLibraryLoadProc
    • String ID: uxtheme.dll
    • API String ID: 2574300362-291804724
    • Opcode ID: 5c61718095510b9ac713188ccb3313027b761b7a258fe977ed229a050be7a38d
    • Instruction ID: b653bfca953781266ec26f5f408cf2acc1d80014045ea80f38a4727f28bab539
    • Opcode Fuzzy Hash: 5c61718095510b9ac713188ccb3313027b761b7a258fe977ed229a050be7a38d
    • Instruction Fuzzy Hash: 3DF06211D1CE81C5F7B09715E40436E67A0FF85BA8F440234E2CE9A698CF7CD255CB04
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FA95348 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
    Download Yara Rule
    APIs
    • std::bad_exception::bad_exception.LIBCMTD ref: 00007FF61FA9536B
      • Part of subcall function 00007FF61FA965E0: std::bad_exception::bad_exception.LIBCMTD ref: 00007FF61FA965F8
    • std::_Xinvalid_argument.LIBCPMTD ref: 00007FF61FA95376
      • Part of subcall function 00007FF61FA8D24C: std::bad_exception::bad_exception.LIBCMTD ref: 00007FF61FA8D25F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: std::bad_exception::bad_exception$Xinvalid_argumentstd::_
    • String ID: address_v4 from unsigned integer
    • API String ID: 90901538-2625972073
    • Opcode ID: 6f2134d24c84d409c475419f055fcf32848813fbd6352b3a6588fad9ffd68869
    • Instruction ID: 2ec684e4ab2440c615ffde0971071a1c0fd252b3cd425b4ebf87ae240538d620
    • Opcode Fuzzy Hash: 6f2134d24c84d409c475419f055fcf32848813fbd6352b3a6588fad9ffd68869
    • Instruction Fuzzy Hash: F6F0FE72A1CE42D6DA10EB64E45106AB760FFD4764F404231E29DC27AADF6CD504CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF61FB1857C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
    Download Yara Rule
    APIs
    • GetEnvironmentVariableA.KERNEL32(?,?,?,?,?,?,00007FF61FB18626,?,?,?,?,?,?,00007FF61FB186C0), ref: 00007FF61FB1859F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2165352396.00007FF61FA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF61FA00000, based on PE: true
    • Associated: 00000000.00000002.2165333764.00007FF61FA00000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165482578.00007FF61FBD1000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165525227.00007FF61FC29000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165543166.00007FF61FC2B000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165562454.00007FF61FC35000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2165580556.00007FF61FC3A000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61fa00000_2Dhg4Ngjrv.jbxd
    Similarity
    • API ID: EnvironmentVariable
    • String ID: 2$user-PC
    • API String ID: 1431749950-124180209
    • Opcode ID: c2389ecaa9e6e007db69ef48abcdebef0e55212646ea87b42bcfb1776cad3e2a
    • Instruction ID: 101b5eea6d568a2bc4b8e8244db5514522555e94b8c089e2096e288b5445d484
    • Opcode Fuzzy Hash: c2389ecaa9e6e007db69ef48abcdebef0e55212646ea87b42bcfb1776cad3e2a
    • Instruction Fuzzy Hash: 81E0EC60F1CA8695E720DB10F8446267774FB45FA0F904435DA4D826A4DF6CD64ADB00
    Uniqueness

    Uniqueness Score: -1.00%