Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1431662
MD5: acfc823a15fbc0247f1974b9a7dc7cf8
SHA1: 3289cb74a353915117e7b1649acbff7449068018
SHA256: 2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81
Tags: exe

Detection

PureLog Stealer, RedLine, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected RedLine Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Enables security privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\file.exe" MD5: ACFC823A15FBC0247F1974B9A7DC7CF8)
    • MSBuild.exe (PID: 7304 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • conhost.exe (PID: 7316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name: zgRAT
Description: zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with .zip/.lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat
No configs have been found
Source: file.exe, Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Author: Joe Security
Source: file.exe, Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Author: Joe Security
Source: file.exe, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: file.exe, Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Author: ditekSHen, Strings:
  • 0x9f7ab:$s1: file:///
  • 0x9f6bb:$s2: {11111-22222-10009-11112}
  • 0x9f73b:$s3: {11111-22222-50001-00000}
  • 0x9dff0:$s4: get_Module
  • 0x9121a:$s5: Reverse
  • 0x2ebd8e:$s5: Reverse
  • 0x2eeb42:$s5: Reverse
  • 0x2eedb8:$s5: Reverse
  • 0x2ef09a:$s5: Reverse
  • 0x2ef119:$s5: Reverse
  • 0x2efce0:$s5: Reverse
  • 0x2efd61:$s5: Reverse
  • 0x906d8:$s6: BlockCopy
  • 0x94d41:$s7: ReadByte
  • 0x9f7bd:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

Source: 00000000.00000002.1649795317.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 00000000.00000002.1649795317.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000000.00000002.1649795317.0000000003CAA000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 00000000.00000002.1649795317.0000000003CAA000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000001.00000002.1665266688.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security

Source: 0.2.file.exe.3d67e10.1.raw.unpack, Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Author: Joe Security
Source: 0.2.file.exe.3d67e10.1.raw.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 0.2.file.exe.3d67e10.1.raw.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 0.2.file.exe.3d67e10.1.raw.unpack, Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Author: ditekSHen, Strings:
  • 0x510bb:$s1: file:///
  • 0x50ff3:$s2: {11111-22222-10009-11112}
  • 0x5104b:$s3: {11111-22222-50001-00000}
  • 0x4dbc3:$s4: get_Module
  • 0x48dc9:$s5: Reverse
  • 0x49662:$s6: BlockCopy
  • 0x48db1:$s7: ReadByte
  • 0x510cd:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Source: 1.2.MSBuild.exe.400000.0.unpack, Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Author: Joe Security

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: file.exe, ReversingLabs: Detection: 18%
Source: file.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6CF4DD20 CryptReleaseContext
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6CF4DEE0 CryptReleaseContext
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6CF4DE00 CryptGenRandom, __CxxThrowException@8
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6CF4D9D0 CryptAcquireContextA, GetLastError
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6CF4DBB0 CryptAcquireContextA, CryptAcquireContextA, GetLastError, CryptAcquireContextA, CryptAcquireContextA, SetLastError, __CxxThrowException@8
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6CF735E0 CryptReleaseContext
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6CF4D7F0 CryptReleaseContext
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6CF4D7D3 CryptReleaseContext
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: file.exe, 00000000.00000002.1660634540.00000000054E0000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1649795317.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1649795317.00000000042C2000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\Users\kkelsch\Documents\PushNotifications\PushSharp\PushSharp-master\PushSharp.Android\obj\Debug\PushSharp.Android.pdb source: file.exe
Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: file.exe, 00000000.00000002.1649795317.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1649795317.000000000437F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1660634540.000000000559A000.00000004.08000000.00040000.00000000.sdmp

Networking

Source: Yara match, File source: file.exe, type: SAMPLE
Source: Yara match, File source: 0.0.file.exe.74799f.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.0.file.exe.3f0000.0.unpack, type: UNPACKEDPE
Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown, TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown, TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown, Network traffic detected: HTTP traffic on port 49675 -> 443
Source: MSBuild.exe, 00000001.00000002.1668686227.000000000340E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: GetRawInputData, memstr_42a65c41-0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File created: C:\Users\user\AppData\Local\Temp\TmpDA41.tmp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File created: C:\Users\user\AppData\Local\Temp\TmpDA31.tmp

System Summary

Source: file.exe, type: SAMPLE, Matched rule: Detects zgRAT, Author: ditekSHen
Source: 0.2.file.exe.3d67e10.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
Source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
Source: 0.2.file.exe.3d67e10.1.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
Source: 0.0.file.exe.3f0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
Source: 0.2.file.exe.3d67e10.1.raw.unpack, Strings.cs, Large array initialization: Strings: array initializer size 6160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Process token adjusted: Security
Source: C:\Users\user\Desktop\file.exe, Code function: String function: 6CF590D8 appears 51 times
Source: C:\Users\user\Desktop\file.exe, Code function: String function: 6CF5D520 appears 31 times
Source: C:\Users\user\Desktop\file.exe, Code function: String function: 6CF59B35 appears 141 times
Source: file.exe, Static PE information: invalid certificate
Source: file.exe, 00000000.00000002.1649795317.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRenowning.exe" vs file.exe
Source: file.exe, 00000000.00000002.1649795317.000000000444D000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
Source: file.exe, 00000000.00000002.1662964336.00000000058F1000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameProtect.dll8 vs file.exe
Source: file.exe, 00000000.00000002.1647303689.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.1660634540.0000000005668000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
Source: file.exe, 00000000.00000000.1641315409.0000000000792000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamebdzshell.dll4 vs file.exe
Source: file.exe, 00000000.00000000.1640845575.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamePushSharp.Android.dllD vs file.exe
Source: file.exe, 00000000.00000000.1640845575.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameLandingPage.resources.dllJ vs file.exe
Source: file.exe, 00000000.00000002.1660401430.0000000005280000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameProtect.dll8 vs file.exe
Source: file.exe, 00000000.00000002.1649795317.00000000042C2000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
Source: file.exe, 00000000.00000002.1648600967.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameProtect.dll8 vs file.exe
Source: file.exe, Binary or memory string: OriginalFilenamePushSharp.Android.dllD vs file.exe
Source: file.exe, Binary or memory string: OriginalFilenameLandingPage.resources.dllJ vs file.exe
Source: file.exe, Binary or memory string: OriginalFilenamebdzshell.dll4 vs file.exe
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                          Source: file.exe, type: SAMPLEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                          Source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                          Source: 0.2.file.exe.3d67e10.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                          Source: 0.0.file.exe.3f0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                          Source: file.exe, InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
                          Source: file.exe, DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
                          Source: file.exe, ZipInputStream.csCryptographic APIs: 'CreateDecryptor'
                          Source: file.exe, ZipFile.csCryptographic APIs: 'CreateDecryptor'
                          Source: file.exe, mEqmoE9UxRmX9ogcto.csCryptographic APIs: 'CreateDecryptor'
                          Source: file.exe, Module1.csCryptographic APIs: 'TransformFinalBlock'
                          Source: file.exe, ZipAESTransform.csCryptographic APIs: 'TransformBlock'
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, Strings.csCryptographic APIs: 'CreateDecryptor'
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, mLrwBjaNEgFvrhaGTgv.csCryptographic APIs: 'CreateDecryptor'
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, Strings.csBase64 encoded string: 'GSk+Lyw0PSESIjU7AQ8FJDM7DA46MyEwJT0lBCEOAVU0QBUHLwJBVDAmGyERJAc5MSsRHTFAJhkuH1Nc'
                          Source: file.exe, FluentNotification.csSuspicious method names: .FluentNotification.WithPayload
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.mxs2He487yLyPej7FuR
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.gib6j7BP3UrwQuuuIsl
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.Kvp6hZBo0rZQ1tW7KhC
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.IeVRHc4OPjF13bbj2Xv
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.fkJ38lB4aH3JhZtBOvZ
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.AddCustom
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.QWEbdI4RQcuPofrYS7t
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.fGLMQQ4js68jWLKMC1V
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.QVydVeBmHlAoyn4U3px
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.ToJson
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.v7iwUlBneUhYfG8cNQX
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.tpX6CN4lF5C7NOImMS8
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.JyDU104XQRjbGF4bL63
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.avwpxq4vqSrK52US2Ce
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.b0WGLgBZOtIrZjVSJME
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.ToString
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.mxmwdH45VxOgV07CB2e
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.eQbAMeBB9E3OMkWRBej
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.A91vtk43r1fcYy1DMjS
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.LeLI094xyLbUHVLFjbm
                          Source: file.exe, AppleNotificationPayload.csSuspicious method names: .AppleNotificationPayload.RyQDRb4zwju0AUDiQow
                          Source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
                          Source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
                          Source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
                          Source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: *.sln
                          Source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSBuild MyApp.csproj /t:Clean
                          Source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /ignoreprojectextensions:.sln
                          Source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.
                          Source: classification engineClassification label: mal100.troj.evad.winEXE@4/7@0/0
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.logJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7316:120:WilError_03
                          Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to behavior
                          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: file.exeReversingLabs: Detection: 18%
                          Source: file.exeString found in binary or memory: </InstallProperties>
                          Source: file.exeString found in binary or memory: <UpgradeCode Cpu="x86" Code="{B0A6978E-0C6D-4442-ADD0-8A658489D3B1}"/>
                          Source: file.exeString found in binary or memory: </Install>
                          Source: file.exeString found in binary or memory: <AdditionalArguments>/RULES=SCCCheckRules</AdditionalArguments>
                          Source: file.exeString found in binary or memory: <AdditionalArguments>/FEATURES=SQL_SHARED_MR /UIMODE=AutoAdvance</AdditionalArguments>
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exeJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: appxsip.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: opcservices.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: esdsip.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: scrrun.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: linkinfo.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: file.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                          Source: file.exeStatic file information: File size 3948984 > 1048576
                          Source: file.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x39e600
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: file.exe, 00000000.00000002.1660634540.00000000054E0000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1649795317.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1649795317.00000000042C2000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
                          Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: MSBuild.exe, 00000001.00000002.1675298581.0000000004201000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: c:\Users\kkelsch\Documents\PushNotifications\PushSharp\PushSharp-master\PushSharp.Android\obj\Debug\PushSharp.Android.pdb source: file.exe
                          Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: file.exe, 00000000.00000002.1649795317.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1649795317.000000000437F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1660634540.000000000559A000.00000004.08000000.00040000.00000000.sdmp

                          Data Obfuscation

                          Source: file.exe, mEqmoE9UxRmX9ogcto.cs.Net Code: Type.GetTypeFromHandle(CfGIXtTdcZLAtxDM4Z.QKAJonITanbDi(16777452)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(CfGIXtTdcZLAtxDM4Z.QKAJonITanbDi(16777318)),Type.GetTypeFromHandle(CfGIXtTdcZLAtxDM4Z.QKAJonITanbDi(16777254))})
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, mLrwBjaNEgFvrhaGTgv.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                          Source: file.exe, hrwN54ssk66JhR0d65a.cs.Net Code: tsFkXCLB65 System.Reflection.Assembly.Load(byte[])
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, G8WxH38hhBnr1IE68vI.cs.Net Code: lrPIYdBHH0
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, G8WxH38hhBnr1IE68vI.cs.Net Code: kKcFHrrDYN
                          Source: file.exeStatic PE information: 0xBF7851EB [Sat Oct 17 18:52:27 2071 UTC]
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF0B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CF0B6C0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF5CC2B push ecx; ret 0_2_6CF5CC3E
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF5D565 push ecx; ret 0_2_6CF5D578
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_029C4DBC push es; retf 0_2_029C4DC3
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05293E80 pushad ; ret 0_2_05293E81
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05CA1EFC push ds; retf 0005h0_2_05CA1F06
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_057C17A8 push A8057895h; ret 1_2_057C17AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_07D8A57F push dword ptr [esp+ecx*2-75h]; ret 1_2_07D8A583
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_07D8C444 push esi; retf 1_2_07D8C447
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_07D8B3DB push FFFFFF8Bh; retf 1_2_07D8B3DD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_07D8B33E push FFFFFF8Bh; retf 1_2_07D8B349
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_07D8A1D7 push FFFFFF8Bh; iretd 1_2_07D8A1E8
                          Source: file.exe, AppleNotificationPayload.csHigh entropy of concatenated method names: 'AddCustom', 'ToJson', 'ToString', 'A91vtk43r1fcYy1DMjS', 'JyDU104XQRjbGF4bL63', 'fGLMQQ4js68jWLKMC1V', 'LeLI094xyLbUHVLFjbm', 'mxs2He487yLyPej7FuR', 'QWEbdI4RQcuPofrYS7t', 'mxmwdH45VxOgV07CB2e'
                          Source: file.exe, AppleNotification.csHigh entropy of concatenated method names: 'GetNextIdentifier', 'IsValidDeviceRegistrationId', 'ToString', 'ToBytes', 'BuildBufferFrom', 'JNVAK94EsfPTyuvbbUA', 'Vk5Zqf4dPZPA1otJEq9', 'GklYOJ4TZqlAUof1cRu', 'WeLw6b4fwnOono5BBMf', 'pHeIpB4eJ6iOmtHd4A3'
                          Source: file.exe, ApplePushService.csHigh entropy of concatenated method names: '_003C_002Ector_003Eb__1', 'zgEBFXPh6MpvacbiYZM', 'cXyil6Pw0O4KKR8THOv', 'e5UNlpPMU5NqZDZa7es', 'jMMkvJPGfD3lLF3W3gI', 'feedbackService_OnFeedbackReceived', 'lKbdTmBLdUffuNe7R5I', 'Np10dHBivAnHZcfs2Q7', 'MdMkR8BNJC2qhq1MHxs', 'rvk84MBQaojhGXXMYF4'
                          Source: file.exe, FeedbackService.csHigh entropy of concatenated method names: '_003CRun_003Eb__1', 'RaiseFeedbackReceived', 'RaiseFeedbackException', 'Run', 'Run', 'lNlAhaB0F5AAe8U1AuP', 'UDSKvVBIUFJWPbDrkRn', 'WwBeRYBrXwb95GLYIxS', 'jpxyibBMpknpkQvCWaU', 'SEgunHBGCNJpfAjj40o'
                          Source: file.exe, ApplePushChannel.csHigh entropy of concatenated method names: '_003CHandleFailedNotification_003Eb__c', 'r9SIBBPnk51Q61b7yX7', 'T2MUSHBzPfSOpFPh7ZP', 'FuugJcPmTRIoLmy2dsb', '_003Cconnect_003Eb__11', 'GsxhG7PZ2Q6ytnfhQvK', 'MCWRQ6PodVY6243i96R', 'r8BOuvPBjrS4x4PLEnx', 'kpw3UDPPxeaOhtG3Lem', 'SendNotification'
                          Source: file.exe, hrwN54ssk66JhR0d65a.csHigh entropy of concatenated method names: 'lLHifFIsCLsZtjvFfN0i', 'tsFkXCLB65', 'V2hk1qXaN6', 'BUES8OyM9iIbmNBwXyv', 'FLi5NcyG0c4dVWfmhxi', 'FKKXETyhhoaGaxCo6C7', 'K4abbDywNrOe63bpuG7', 'DLO4BPyD4pCrNhqGhGi', 'm6Fy8Eyp9m1M5miDfiV', 'wktEB7ybr4gY18uFFtV'
                          Source: file.exe, PushServiceBase.csHigh entropy of concatenated method names: 'UcuFN9ZXapVwNi0XyN2', 'Q4S1UHZj32Yy4PloCoW', 'Dispose', 'cmGjS9Z5VdLa20KG3P1', 'LgYUScZ8PIbcBXksi5I', 'aLDIirZRTMNhdaV55Q2', '_003CDoChannelWork_003Eb__13', 'L01hUlo6eof9ltBISov', 'knxSasoq8b7onw8Cg27', 'ypsRqsoSpDqLnTwO049'
                          Source: file.exe, DeflaterEngine.csHigh entropy of concatenated method names: 'Deflate', 'SetInput', 'NeedsInput', 'SetDictionary', 'Reset', 'ResetAdler', 'SetLevel', 'FillWindow', 'UpdateHash', 'InsertString'
                          Source: file.exe, InflaterHuffmanTree.csHigh entropy of concatenated method names: 'BuildTree', 'GetSymbol', 'vsIugAYc8C57tXBcC1x', 'fbGafZYYybKJDkDuIt5', 'eghv13Y9reVpSFoibc3', 'DU9RcyYdH8CjLEd7e0X', 'ISAgfGYT4WIUj7Kgrvf', 'aEMNspYEvE7IRXu3PkD'
                          Source: file.exe, Deflater.csHigh entropy of concatenated method names: 'Reset', 'Flush', 'Finish', 'SetInput', 'SetInput', 'SetLevel', 'GetLevel', 'SetStrategy', 'Deflate', 'Deflate'
                          Source: file.exe, DeflaterHuffman.csHigh entropy of concatenated method names: 'Reset', 'WriteSymbol', 'CheckEmpty', 'SetStaticCodes', 'BuildCodes', 'BuildTree', 'GetEncodedLength', 'CalcBLFreq', 'WriteTree', 'BuildLength'
                          Source: file.exe, Inflater.csHigh entropy of concatenated method names: 'Reset', 'DecodeHeader', 'DecodeDict', 'DecodeHuffman', 'DecodeChksum', 'Decode', 'SetDictionary', 'SetDictionary', 'SetInput', 'SetInput'
                          Source: file.exe, InflaterInputStream.csHigh entropy of concatenated method names: 'Skip', 'StopDecrypting', 'Fill', 'Flush', 'Seek', 'SetLength', 'Write', 'WriteByte', 'BeginWrite', 'Close'
                          Source: file.exe, DeflaterOutputStream.csHigh entropy of concatenated method names: 'Finish', 'EncryptBlock', 'InitializePassword', 'InitializeAESPassword', 'Deflate', 'Seek', 'SetLength', 'ReadByte', 'Read', 'BeginRead'
                          Source: file.exe, DiskArchiveStorage.csHigh entropy of concatenated method names: 'GetTemporaryOutput', 'ConvertTemporaryToFinal', 'MakeTemporaryCopy', 'OpenForDirectUpdate', 'Dispose', 'GetTempFileName', 'vPonPBwdYOHuCL0eod8', 'DCNJQ2wYBpQKW1JPccX', 'BboogRw9y9Nv4otFniG', 'y5QEqTwTAFHMPuAhRAn'
                          Source: file.exe, ZipHelperStream.csHigh entropy of concatenated method names: 'Flush', 'Seek', 'SetLength', 'Read', 'Write', 'Close', 'WriteLocalHeader', 'LocateBlockWithSignature', 'WriteZip64EndOfCentralDirectory', 'WriteEndOfCentralDirectory'
                          Source: file.exe, ZipConstants.csHigh entropy of concatenated method names: 'ConvertToString', 'ConvertToString', 'ConvertToStringExt', 'ConvertToStringExt', 'ConvertToArray', 'ConvertToArray', 'SoyvmnrSQXHymUZddxx', 'eiFvcTrFKvXVfU605wy', 'ygAdB8rVhpWw2iqmG1n', 'BV0iwkr196mkjmW7Y9W'
                          Source: file.exe, ZipInputStream.csHigh entropy of concatenated method names: 'GetNextEntry', 'ReadDataDescriptor', 'CompleteCloseEntry', 'CloseEntry', 'ReadByte', 'ReadingNotAvailable', 'ReadingNotSupported', 'InitialRead', 'Read', 'BodyRead'
                          Source: file.exe, ZipEntryFactory.csHigh entropy of concatenated method names: 'MakeFileEntry', 'MakeFileEntry', 'MakeDirectoryEntry', 'MakeDirectoryEntry', 'V1ra9Xebjyava3OELnx', 'QFgmEOeDTPTClm6VfnH', 'PZo5cQeppPn0vqYBVZG', 'jO3pYdec10dwQjcvWUb', 'rwB4NgeYjdNPBdHJyQl', 'CT35wHe9G5XiDDONgky'
                          Source: file.exe, ZipFile.csHigh entropy of concatenated method names: 'Compare', 'EcevwQhHFiPXX3WLp0g', 'OjuwKEh2D2LchZQHuQo', 'gCFfN1hWYVmnpN6TPDh', 'm8D8q6hg5ss3DCbBXuf', 'Il5K2vhs1AfYYU5eSiD', 'GetSource', 'vp1dpJhCQUrnq0UlQbL', 'HA8sCLh7MHCg840QF2W', 'h8InmNhKDH2BN3Da9MN'
                          Source: file.exe, ZipEntry.csHigh entropy of concatenated method names: 'HasDosAttributes', 'ForceZip64', 'IsZip64Forced', 'ProcessExtraData', 'ProcessAESExtraData', 'IsCompressionMethodSupported', 'Clone', 'ToString', 'IsCompressionMethodSupported', 'CleanName'
                          Source: file.exe, FastZip.csHigh entropy of concatenated method names: 'CreateZip', 'CreateZip', 'CreateZip', 'ExtractZip', 'ExtractZip', 'ExtractZip', 'ProcessDirectory', 'ProcessFile', 'AddFileContents', 'ExtractFileEntry'
                          Source: file.exe, WindowsNameTransform.csHigh entropy of concatenated method names: 'TransformDirectory', 'TransformFile', 'IsValidName', 'MakeValidName', 'zOdTXFkHxhTGpfHCxu7', 'iXwPdWk28n1mrPoFt9w', 'ugcyPZkWXpApkFKi6vr', 'Fm2v9LkJ3nj3OQ9Qd59', 'piwwP2kCBgYGn7lrC3t', 'ED2xDSk7n28FcDwnULN'
                          Source: file.exe, ZipOutputStream.csHigh entropy of concatenated method names: 'SetComment', 'SetLevel', 'GetLevel', 'WriteLeShort', 'WriteLeInt', 'WriteLeLong', 'PutNextEntry', 'CloseEntry', 'WriteEncryptionHeader', 'AddExtraDataAES'
                          Source: file.exe, ExtendedUnixData.csHigh entropy of concatenated method names: 'SetData', 'GetData', 'IsValidValue', 'BaqxTNfcEx1g2XquB3y', 'wWZGIefY4JyRcbaLsJx', 'Qw74tuf9smGdwcheAMF', 't4PgjTfdJo47OyMZ5d5', 'vWHor9fTxy6mqC77dsa', 'tIpL5EfEbdtVX8veE5c', 'x47lbCffgM6A9AowPPE'
                          Source: file.exe, ZipNameTransform.csHigh entropy of concatenated method names: 'TransformDirectory', 'TransformFile', 'MakeValidName', 'IsValidName', 'IsValidName', 'Q2XO37Tlj23gdM3gtr9', 'NQd2LgTvxD9VyyBSfb4', 'wi4WavTOoaPbpnocJ2C', 'DBuXOFTzSGTtxHdM1iv', 'vwkFoTEmI1lhQqDoHqC'
                          Source: file.exe, NTTaggedData.csHigh entropy of concatenated method names: 'SetData', 'GetData', 'IsValidValue', 'tAf0y1fC3chHhmbRb41', 'aRvWjqf7AwlK8Dd9i8J', 'KWBVoVfKfB9OaQaIIe1', 'UdJkFLfu5YLWZ644KU8', 'o5Dh4Mf6Gtp4UdZU3ch', 'n98E2qfqt3LjA7N7F4i', 'agoCUafSsSS1vad2LfG'
                          Source: file.exe, JwhvgedeRfwm9Lu09s.csHigh entropy of concatenated method names: 'w2hJonyyhqPlh', 'M1t21Hac1MiILf8Lnvg', 'jkb9gaaYXqp0FvqsB80', 'LWixwZapp3HsXwGSrhm', 'Lc9NjoabqXuEH4Rp9qC', 'VTjl18a9CaUbfiEe9VW', 'k2Ao5cadf1Jx43vSrtL'
                          Source: file.exe, mEqmoE9UxRmX9ogcto.csHigh entropy of concatenated method names: 'Q5MkM5QYd3', 'POW6qfaHnBBDfxdjtaM', 'aAmFOja29vwRElvkp5C', 'ELgtGSaWsbGEZhYea09', 'HhHXWnaJpOTpmLhYioN', 'AqY3WfaCE0Cw5YFaBpT', 'Fbn4fIa76Z9XXsyRrTf', 'ovGWF0aKYZyMlXD5ZtZ', 'bn9KpBau0ggioIE79To', 'fHSkdAnkJf'
                          Source: file.exe, MyProject.csHigh entropy of concatenated method names: 'Create__Instance__', 'Dispose__Instance__', 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Wl962VFDTKIUXWr02g', 'j9vB4MVJ5El7j4ViK1', 'svN1R119saW6aTRgVW', 'LZ4qmlLVN9VNBiX5EZ'
                          Source: file.exe, NJOADhoFiIhdt67r9V.csHigh entropy of concatenated method names: 'iLNJonyzdjW6o', 'obWuTEaxskfg8vDKAme', 'oFGbO4a8MptLRRprsXy', 'TpUDhraR7S6A2jWW39E', 'CMg69pa5fRxci8U06VA', 'D6dDPAaXEk2phB7l986', 'mLg3ohajjxyMZs6a3hL'
                          Source: file.exe, TarHeader.csHigh entropy of concatenated method names: 'GetName', 'Clone', 'ParseBuffer', 'WriteHeader', 'GetHashCode', 'Equals', 'SetValueDefaults', 'RestoreSetValues', 'ParseOctal', 'ParseName'
                          Source: file.exe, TarEntry.csHigh entropy of concatenated method names: 'Clone', 'CreateTarEntry', 'CreateEntryFromFile', 'Equals', 'GetHashCode', 'IsDescendent', 'SetIds', 'SetNames', 'GetFileTarHeader', 'GetDirectoryEntries'
                          Source: file.exe, TarOutputStream.csHigh entropy of concatenated method names: 'Seek', 'SetLength', 'ReadByte', 'Read', 'Flush', 'Finish', 'Close', 'GetRecordSize', 'PutNextEntry', 'CloseEntry'
                          Source: file.exe, TarArchive.csHigh entropy of concatenated method names: 'OnProgressMessageEvent', 'CreateInputTarArchive', 'CreateInputTarArchive', 'CreateOutputTarArchive', 'CreateOutputTarArchive', 'SetKeepOldFiles', 'SetAsciiTranslation', 'SetUserInfo', 'CloseArchive', 'ListContents'
                          Source: file.exe, TarInputStream.csHigh entropy of concatenated method names: 'CreateEntry', 'CreateEntryFromFile', 'CreateEntry', 'CreateEntry', 'CreateEntryFromFile', 'CreateEntry', 'b71kWNccJJlw1q2MkF2', 'C5ZclycYnKHBZRfDpZy', 'eRU5K8c93nX2A2Anuev', 'Flush'
                          Source: file.exe, FileSystemScanner.csHigh entropy of concatenated method names: 'OnDirectoryFailure', 'OnFileFailure', 'OnProcessFile', 'OnCompleteFile', 'OnProcessDirectory', 'Scan', 'ScanDir', 'HoXnhFTgPH1DRNrtF1f', 'PNjo2vTsm3vwqfVBnmK', 'V5uC81THXkVKPQ9s9NB'
                          Source: file.exe, NameFilter.csHigh entropy of concatenated method names: 'IsValidExpression', 'IsValidFilterExpression', 'SplitQuoted', 'ToString', 'IsIncluded', 'IsExcluded', 'IsMatch', 'Compile', 'H1iWXud0WeuK4es161l', 'yRtLuedIU4roFsUAfVW'
                          Source: file.exe, StreamUtils.csHigh entropy of concatenated method names: 'ReadFully', 'ReadFully', 'Copy', 'Copy', 'Copy', 'Cks3xEe4hdeBSBpkJ3t', 'qWwdKoemfTwqp0014Pn', 'Grg2LRenuycuTnvH4Kk', 'q3QLZ1eBQ3t7Ei2yeHA', 'eNxkjPePMETaTsvwgaq'
                          Source: file.exe, ZipAESTransform.csHigh entropy of concatenated method names: 'TransformBlock', 'GetAuthCode', 'TransformFinalBlock', 'Dispose', 'hvhHgyk0Q2Tvu6xV37x', 'OBZCLHkIS5kRvRBlDCT', 'PPhKgRkrZu3jJ2Y6FhM', 'Em623CkMD3YBZbBBUN4', 'sRwErhkGZmr6nExN3vK', 'jelERbkoT5fAw7WfXgs'
                          Source: file.exe, GZipInputStream.csHigh entropy of concatenated method names: 'Read', 'ReadHeader', 'ReadFooter', 'MTNjkbwjDQjjwwiuWbX', 'NKB2XqwxfAs3sX6lCvR', 'oO10yYw8acypvRE0QTD', 'DvSBqFwRenNVNWm1hnI', 'JA1Vyuw5mIcyBQlTWRv', 'zlpVk6wlqlBifAnmgqR', 'gGR7aiwv2KMSqusH68X'
                          Source: file.exe, GZipOutputStream.csHigh entropy of concatenated method names: 'SetLevel', 'GetLevel', 'Write', 'Close', 'Finish', 'WriteHeader', 'IGIxDdwSjG2F7yT5rjt', 'lXSG29wFESdHZZGFpgm', 'Q64lmDwVu6w9V9dfZ0Z', 'Ab3AVbw1Wn1Y8EtUVP9'
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, G8WxH38hhBnr1IE68vI.csHigh entropy of concatenated method names: 'uYP5UMy1hu', 'nt15Ceoiwh', 'opo5rgGLQg', 'gA95bU2ExD', 'Rks5BkBZi5', 'ADm5J0cpqR', 'NaM52ZqZyD', 'THoZbd2fUw', 'Y8N5itYb3g', 'Wb65MvkIMT'
                          Source: 0.2.file.exe.3d67e10.1.raw.unpack, mLrwBjaNEgFvrhaGTgv.csHigh entropy of concatenated method names: 'oQG8WrDol0', 'g38PJ8K3c0', 'jBH8UdC1PV', 'UlO8CDfJsQ', 'hcC8rW5pKa', 'mN58bMtfWM', 'ts3XxWXD9Z', 'OigaEK3D3W', 'jroa4iUVTS', 'B6saGICwMv'

                          Persistence and Installation Behavior

                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll
                          Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 7256, type: MEMORYSTR
                          Source: MSBuild.exe, 00000001.00000002.1668686227.000000000330A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE@\^Q
                          Source: MSBuild.exe, 00000001.00000002.1668686227.000000000330A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE`,^Q
                          Source: MSBuild.exe, 00000001.00000002.1668686227.000000000330A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: 1130000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: 2B30000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: 2920000 memory reserve | memory write watchJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1760000 memory reserve | memory write watchJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 3200000 memory reserve | memory write watchJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 5200000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exe TID: 7260Thread sleep time: -30000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\file.exe TID: 7276Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7364Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 30000Jump to behavior
                          Source: MSBuild.exe, 00000001.00000002.1668686227.000000000330A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe`,^q
                          Source: MSBuild.exe, 00000001.00000002.1668686227.000000000330A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe
                          Source: MSBuild.exe, 00000001.00000002.1668686227.000000000330A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe@\^q
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-57729
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF5948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6CF5948B
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF0B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CF0B6C0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF5B144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CF5B144
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Users\user\Desktop\file.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 462000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4BE000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 1091008
                          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                          Source: MSBuild.exe, 00000001.00000002.1668686227.000000000340E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetProgmanWindow
                          Source: MSBuild.exe, 00000001.00000002.1668686227.000000000340E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SetProgmanWindow
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF584B0 cpuid 0_2_6CF584B0
                          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CF5A25A GetSystemTimeAsFileTime,__aulldiv,0_2_6CF5A25A
                          Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                          Stealing of Sensitive Information

                          Source: Yara match File source: file.exe, type: SAMPLE
                          Source: Yara match File source: 0.2.file.exe.3d67e10.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.file.exe.3d67e10.1.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.0.file.exe.3f0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000002.1649795317.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000002.1649795317.0000000003CAA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000001.00000002.1665266688.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000000.1640845575.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

                          Remote Access Functionality

                          Source: Yara match File source: file.exe, type: SAMPLE
                          Source: Yara match File source: 0.2.file.exe.3d67e10.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.file.exe.3d67e10.1.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.0.file.exe.3f0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000002.1649795317.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000002.1649795317.0000000003CAA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000001.00000002.1665266688.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000000.1640845575.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CF0A0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CF0A0C0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Input Capture | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 31 Obfuscated Files or Information | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Install Root Certificate | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Source | Detection | Scanner | Label | Link
file.exe | 18% | ReversingLabs | |
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 0% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
bg.microsoft.map.fastly.net | 0% | Virustotal | | Browse
fp2e7a.wpc.phicdn.net | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
                                                    No contacted IP infos
                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                    Analysis ID:1431662
                                                    Start date and time:2024-04-25 15:37:07 +02:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 7m 35s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:9
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:file.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.evad.winEXE@4/7@0/0
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:
                                                    • Successful, ratio: 96%
                                                    • Number of executed functions: 196
                                                    • Number of non-executed functions: 207
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 23.220.189.216, 52.165.165.26, 199.232.214.172, 192.229.211.108, 20.3.187.198
                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
15:37:55 | API Interceptor | 1x Sleep call for process: file.exe modified
                                                    No context
                                                    No context
                                                    No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | MBSetup.exe | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
 | MBSetup.exe | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | PureLog Stealer, RedLine, zgRAT | Browse |
 | file.exe | Get hash | malicious | PureLog Stealer, RedLine, zgRAT | Browse |
 | qk9TaBBxh8.exe | Get hash | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse |
 | SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse |
 | KqWnIt1164.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse |
 | file.exe | Get hash | malicious | PureLog Stealer, RedLine, zgRAT | Browse |
 | SecuriteInfo.com.Trojan.Siggen28.25504.27914.23637.exe | Get hash | malicious | Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse |
 | 80OrFCsz0u.exe | Get hash | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse |
                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 11:02:30 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                        Category:dropped
                                                                        Size (bytes):2106
                                                                        Entropy (8bit):3.4531466025221493
                                                                        Encrypted:false
                                                                        SSDEEP:48:8SedATkoGRYrnvPdAKRkdAs6IdAKRFdAKR/U:8Slt
                                                                        MD5:02C95AF041C4A6E57A71449185863B1F
                                                                        SHA1:96FF49F59CD2CF4871A36BE21042C669417BA88D
                                                                        SHA-256:1C97DCDE25190E9A3BE460EBDCCFCE5E13316A25BD571036435377DE199B4C32
                                                                        SHA-512:533B99ABC54ADEBBD4E5054A5F103747FDDD70793578C6975BFA62D486CBFAEF3D7BA216AB55BFE6548AAE760AD9BFC3F6F0D0F4F74883F799E2683141F8322E
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:L..................F.@.. ......,.....a.........q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.IDW5`....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWP`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWP`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWP`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDWI`..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.".-.-.p.r.o.x.y.-.s.e.r.v.e.r
                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):1299
                                                                        Entropy (8bit):5.342376182732888
                                                                        Encrypted:false
                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4xLE4qE4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0H6
                                                                        MD5:D62639C5676A8FA1A0C2215824B6553A
                                                                        SHA1:544B2C6E7A43CE06B68DF441CC237AB7A742B5CD
                                                                        SHA-256:761379FF547D28D053F7683499D25F7F1B5523CC7262A2DA64AF26448F7E2D76
                                                                        SHA-512:5B46D1BDB899D8FA5C7431CA7061CDD1F00BE14CD53B630FAB52E52DA20F4B2BED405F932D7C0E9D74D84129D5BB5DE9B32CC709DA3D6995423E2ED91E92ACD3
                                                                        Malicious:false
                                                                        Reputation:moderate, very likely benign file
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):522
                                                                        Entropy (8bit):5.358731107079437
                                                                        Encrypted:false
                                                                        SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                                                        MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                                                        SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                                                        SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                                                        SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                                                        Malicious:false
                                                                        Reputation:moderate, very likely benign file
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):760320
                                                                        Entropy (8bit):6.561572491684602
                                                                        Encrypted:false
                                                                        SSDEEP:12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
                                                                        MD5:544CD51A596619B78E9B54B70088307D
                                                                        SHA1:4769DDD2DBC1DC44B758964ED0BD231B85880B65
                                                                        SHA-256:DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                                                                        SHA-512:F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                        Joe Sandbox View:
                                                                        • Filename: MBSetup.exe, Detection: malicious
                                                                        • Filename: MBSetup.exe, Detection: malicious
                                                                        • Filename: file.exe, Detection: malicious
                                                                        • Filename: file.exe, Detection: malicious
                                                                        • Filename: qk9TaBBxh8.exe, Detection: malicious
                                                                        • Filename: SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe, Detection: malicious
                                                                        • Filename: KqWnIt1164.exe, Detection: malicious
                                                                        • Filename: file.exe, Detection: malicious
                                                                        • Filename: SecuriteInfo.com.Trojan.Siggen28.25504.27914.23637.exe, Detection: malicious
                                                                        • Filename: 80OrFCsz0u.exe, Detection: malicious
                                                                        Reputation:moderate, very likely benign file
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):2662
                                                                        Entropy (8bit):7.8230547059446645
                                                                        Encrypted:false
                                                                        SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                        MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                        SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                        SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                        SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                        Malicious:false
                                                                        Reputation:moderate, very likely benign file
                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):2251
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:0158FE9CEAD91D1B027B795984737614
                                                                        SHA1:B41A11F909A7BDF1115088790A5680AC4E23031B
                                                                        SHA-256:513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
                                                                        SHA-512:C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
                                                                        Malicious:false
                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Entropy (8bit):7.610471077261223
                                                                        TrID:
                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                        • Win32 Executable (generic) a (10002005/4) 49.96%
                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                        File name:file.exe
                                                                        File size:3'948'984 bytes
                                                                        MD5:acfc823a15fbc0247f1974b9a7dc7cf8
                                                                        SHA1:3289cb74a353915117e7b1649acbff7449068018
                                                                        SHA256:2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81
                                                                        SHA512:1429b568485669dd1376cf2082efa4dff7ac2042fab6ddc31889cb92087dfd4609399395935e47910f4c982f85e1e5b3dc6061e97258c5078a8791aa2d5b3568
                                                                        SSDEEP:49152:2sr3b8LJA1/x5CQIcSlU9Jn03eHk5SyiZfOp7fgqjIr7vFKNrFeE:9fGJeHI2Jn0OHk5SbOpKwOE
                                                                        TLSH:E006CF0AF5D4D902D2320B37D5B694809FB45693A613E31EFD9E232B1FF239A4A47346
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Qx...............P...9..T........:.. ... :...@.. ........................;.....<.=...@................................
                                                                        Icon Hash:5bd3939393a1b0b1
                                                                        Entrypoint:0x7a05ee
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:true
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0xBF7851EB [Sat Oct 17 18:52:27 2071 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                        Signature Valid:false
                                                                        Signature Issuer:C=WORLD, S=WORLD, L=[long run of repeated escaped non-printable bytes], OU=SIMENS CZ, O=Creted by CZ, CN=SIMENS CZ
                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                        Error Number:-2146762487
                                                                        Not Before, Not After
                                                                        • 25/04/2024 09:56:16 16/06/2027 01:00:00
                                                                        Subject Chain
                                                                        • C=WORLD, S=WORLD, L=[repeated non-printable byte sequence omitted], OU=SIMENS CZ, O=Creted by CZ, CN=SIMENS CZ
                                                                        Version:3
                                                                        Thumbprint MD5:A91A3FF99505DC3D309D4FE83D25372A
                                                                        Thumbprint SHA-1:C0C3CB4267938E9A1E9553307B0F44BDCFAB410C
                                                                        Thumbprint SHA-256:A5921D7BE2B2CFFDF998B6C8965D2B210CAFE41067C9AA6253E1BC69D2F6585E
                                                                        Serial:1955FBFBC33A71479A33C56C5AC8679C
                                                                        Instruction
                                                                        jmp dword ptr [00402000h]
                                                                        add byte ptr [eax], al
                                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a05a0 | 0x4b | .text
                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a2000 | 0x150d4 | .rsrc
                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3bbee0 | 0x82d8 |
                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3b8000 | 0xc | .reloc
                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                        .text | 0x2000 | 0x39e5f4 | 0x39e600 | 9f7c7b32d2d9271cd3a4bb5ca7c5c99e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                        .rsrc | 0x3a2000 | 0x150d4 | 0x15200 | 8ba8277321050fd9df833ac9eb9f3301 | False | 0.4844790125739645 | data | 5.016449818772995 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        .reloc | 0x3b8000 | 0xc | 0x200 | 1f966db090dfdfe97792dd379cbc2f23 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                        TYPELIB | 0x3a2218 | 0x68c | data | English | United States | 0.324582338902148
                                                                        RT_ICON | 0x3a28a4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.7730496453900709
                                                                        RT_ICON | 0x3a2d0c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.6334427767354597
                                                                        RT_ICON | 0x3a3db4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.5635892116182573
                                                                        RT_ICON | 0x3a635c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.46825091683426
                                                                        RT_GROUP_ICON | 0x3b6b84 | 0x3e | data | | | 0.7741935483870968
                                                                        RT_VERSION | 0x3b6bc4 | 0x324 | data | | | 0.45149253731343286
                                                                        RT_MANIFEST | 0x3b6ee8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                                                        DLL | Import
                                                                        mscoree.dll | _CorExeMain
                                                                        Language of compilation system | Country where language is spoken
                                                                        English | United States
                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        Apr 25, 2024 15:37:52.145271063 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32
                                                                        Apr 25, 2024 15:38:01.754456997 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32
                                                                        Apr 25, 2024 15:38:38.645252943 CEST | 49726 | 80 | 192.168.2.4 | 172.64.149.23
                                                                        Apr 25, 2024 15:38:38.645344019 CEST | 49725 | 80 | 192.168.2.4 | 104.18.38.233
                                                                        Apr 25, 2024 15:38:38.756211996 CEST | 80 | 49725 | 104.18.38.233 | 192.168.2.4
                                                                        Apr 25, 2024 15:38:38.756264925 CEST | 80 | 49726 | 172.64.149.23 | 192.168.2.4
                                                                        Apr 25, 2024 15:38:38.756302118 CEST | 49725 | 80 | 192.168.2.4 | 104.18.38.233
                                                                        Apr 25, 2024 15:38:38.756320953 CEST | 49726 | 80 | 192.168.2.4 | 172.64.149.23
                                                                        Apr 25, 2024 15:39:08.754683971 CEST | 49723 | 80 | 192.168.2.4 | 199.232.210.172
                                                                        Apr 25, 2024 15:39:08.754816055 CEST | 49724 | 80 | 192.168.2.4 | 199.232.210.172
                                                                        Apr 25, 2024 15:39:08.864358902 CEST | 80 | 49724 | 199.232.210.172 | 192.168.2.4
                                                                        Apr 25, 2024 15:39:08.864463091 CEST | 80 | 49724 | 199.232.210.172 | 192.168.2.4
                                                                        Apr 25, 2024 15:39:08.864481926 CEST | 80 | 49723 | 199.232.210.172 | 192.168.2.4
                                                                        Apr 25, 2024 15:39:08.864497900 CEST | 80 | 49723 | 199.232.210.172 | 192.168.2.4
                                                                        Apr 25, 2024 15:39:08.864624023 CEST | 49724 | 80 | 192.168.2.4 | 199.232.210.172
                                                                        Apr 25, 2024 15:39:08.864648104 CEST | 49723 | 80 | 192.168.2.4 | 199.232.210.172
                                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                        Apr 25, 2024 15:38:14.736916065 CEST | 1.1.1.1 | 192.168.2.4 | 0xfec7 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                                                        Apr 25, 2024 15:38:14.736916065 CEST | 1.1.1.1 | 192.168.2.4 | 0xfec7 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                                                        Apr 25, 2024 15:38:15.090190887 CEST | 1.1.1.1 | 192.168.2.4 | 0x1111 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                        Apr 25, 2024 15:38:15.090190887 CEST | 1.1.1.1 | 192.168.2.4 | 0x1111 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                                                        Apr 25, 2024 15:38:27.943787098 CEST | 1.1.1.1 | 192.168.2.4 | 0x25ed | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                        Apr 25, 2024 15:38:27.943787098 CEST | 1.1.1.1 | 192.168.2.4 | 0x25ed | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false

                                                                        Target ID: 0
                                                                        Start time: 15:37:55
                                                                        Start date: 25/04/2024
                                                                        Path: C:\Users\user\Desktop\file.exe
                                                                        Wow64 process (32bit): true
                                                                        Commandline: "C:\Users\user\Desktop\file.exe"
                                                                        Imagebase: 0x3f0000
                                                                        File size: 3'948'984 bytes
                                                                        MD5 hash: ACFC823A15FBC0247F1974B9A7DC7CF8
                                                                        Has elevated privileges: true
                                                                        Has administrator privileges: true
                                                                        Programmed in: C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1649795317.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1649795317.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1649795317.0000000003CAA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1649795317.0000000003CAA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1640845575.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                        Reputation: low
                                                                        Has exited: true

                                                                        Target ID: 1
                                                                        Start time: 15:37:55
                                                                        Start date: 25/04/2024
                                                                        Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                        Wow64 process (32bit): true
                                                                        Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                                                                        Imagebase: 0xee0000
                                                                        File size: 262'432 bytes
                                                                        MD5 hash: 8FDF47E0FF70C40ED3A17014AEEA4232
                                                                        Has elevated privileges: true
                                                                        Has administrator privileges: true
                                                                        Programmed in: C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000001.00000002.1665266688.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.1665266688.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation: moderate
                                                                        Has exited: true

                                                                        Target ID: 2
                                                                        Start time: 15:37:55
                                                                        Start date: 25/04/2024
                                                                        Path: C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit): false
                                                                        Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase: 0x7ff7699e0000
                                                                        File size: 862'208 bytes
                                                                        MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges: true
                                                                        Has administrator privileges: true
                                                                        Programmed in: C, C++ or other language
                                                                        Reputation: high
                                                                        Has exited: true

                                                                          Execution Graph

                                                                          Execution Coverage: 7.7%
                                                                          Dynamic/Decrypted Code Coverage: 10%
                                                                          Signature Coverage: 6.1%
                                                                          Total number of Nodes: 1175
                                                                          Total number of Limit Nodes: 58
57853 6cf06402 collate 57849->57853 57850 6cf0646b 57855 6cf5ac75 RaiseException 57850->57855 57852 6cf06482 57853->57774 57854->57850 57855->57852 57857 6cf08bd5 EnterCriticalSection 57856->57857 57858 6cf08bcc 57856->57858 57866 6cf1e030 57857->57866 57858->57780 57863 6cf08c13 LeaveCriticalSection 57863->57780 57867 6cf1e090 57866->57867 57869 6cf1e05d 57866->57869 57868 6cf59bb5 77 API calls 57867->57868 57870 6cf08bec 57868->57870 57869->57870 57871 6cf59bb5 77 API calls 57869->57871 57872 6cf0b6c0 GetModuleHandleW 57870->57872 57871->57870 57873 6cf0b717 LoadLibraryW 57872->57873 57874 6cf0b72a GetProcAddress 57872->57874 57873->57874 57875 6cf0b94c 57873->57875 57874->57875 57878 6cf0b73e 57874->57878 57876 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 57875->57876 57877 6cf08bfa 57876->57877 57877->57863 57885 6cf08c40 57877->57885 57878->57875 57879 6cf0b85d 57878->57879 57899 6cf5a116 80 API calls __mbstowcs_s_l 57879->57899 57881 6cf0b875 GetModuleHandleW 57881->57875 57882 6cf0b8aa GetProcAddress 57881->57882 57882->57875 57884 6cf0b8f2 57882->57884 57884->57875 57900 6cf0a350 VariantInit VariantInit VariantInit 57885->57900 57886 6cf08c63 57887 6cf08cf9 57886->57887 57910 6cf08b10 EnterCriticalSection 57886->57910 57887->57863 57889 6cf08c83 57890 6cf08ce2 57889->57890 57891 6cf08c9f 57889->57891 57919 6cf0b9a0 57889->57919 57890->57863 57927 6cf0bab0 57891->57927 57894 6cf08cd3 57894->57890 57943 6cf08ff0 69 API calls std::tr1::_Xweak 57894->57943 57899->57881 57903 6cf0a3b5 57900->57903 57901 6cf0a505 VariantClear VariantClear VariantClear 57904 6cf0a52a 57901->57904 57902 6cf0a3e0 VariantCopy 57905 6cf0a3f9 57902->57905 57906 6cf0a3ff VariantClear 57902->57906 57903->57901 57903->57902 57904->57886 57905->57906 57907 6cf0a413 57906->57907 57907->57901 57908 6cf0a549 VariantClear VariantClear VariantClear 57907->57908 57909 6cf0a57a 57908->57909 57909->57886 
57911 6cf08b4b 57910->57911 57912 6cf08b53 LeaveCriticalSection 57911->57912 57914 6cf59bb5 77 API calls 57911->57914 57912->57889 57915 6cf08b64 57914->57915 57916 6cf08b80 57915->57916 57944 6cf07370 79 API calls 2 library calls 57915->57944 57945 6cf096d0 77 API calls 57916->57945 57920 6cf0b9dc 57919->57920 57921 6cf0ba7a 57920->57921 57922 6cf59bb5 77 API calls 57920->57922 57921->57891 57923 6cf0ba3a 57922->57923 57924 6cf0ba6a 57923->57924 57990 6cf15f00 77 API calls 2 library calls 57923->57990 57946 6cf16fd0 57924->57946 58007 6cf1b580 57927->58007 57929 6cf0baf3 57933 6cf08cbd 57929->57933 58012 6cf0af30 VariantInit VariantInit VariantInit 57929->58012 57931 6cf0bb0d 57932 6cf59bb5 77 API calls 57931->57932 57931->57933 57932->57933 57933->57890 57934 6cf08d60 EnterCriticalSection 57933->57934 58033 6cf09750 57934->58033 57937 6cf08e0a 57937->57894 57938 6cf08d97 57938->57937 57939 6cf08de5 57938->57939 58035 6cf0bdf7 57938->58035 58045 6cf08e20 57939->58045 57941 6cf08e02 57941->57894 57943->57890 57944->57916 57945->57912 57949 6cf1700a 57946->57949 57989 6cf178c2 57946->57989 57947 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 57948 6cf18326 57947->57948 57948->57921 57949->57989 57991 6cf0d920 57949->57991 57951 6cf178b5 57952 6cf0d920 3 API calls 57951->57952 57951->57989 57953 6cf17920 57952->57953 57954 6cf0d920 3 API calls 57953->57954 57953->57989 57955 6cf17986 57954->57955 57956 6cf0d920 3 API calls 57955->57956 57957 6cf179df 57955->57957 57956->57957 57957->57989 57999 6cf0d9f0 57957->57999 57959 6cf17a7b 57960 6cf0d9f0 3 API calls 57959->57960 57959->57989 57961 6cf17acb 57960->57961 57962 6cf0d9f0 3 API calls 57961->57962 57961->57989 57963 6cf17b19 57962->57963 57964 6cf0d9f0 3 API calls 57963->57964 57963->57989 57965 6cf17b90 57964->57965 57966 6cf0d9f0 3 API calls 57965->57966 57965->57989 57967 6cf17c0b 57966->57967 57968 6cf0d9f0 3 API calls 
57967->57968 57967->57989 57969 6cf17ca5 57968->57969 57970 6cf0d9f0 3 API calls 57969->57970 57969->57989 57971 6cf17d3f 57970->57971 57972 6cf0d9f0 3 API calls 57971->57972 57971->57989 57973 6cf17dbb 57972->57973 57974 6cf0d9f0 3 API calls 57973->57974 57973->57989 57975 6cf17e44 57974->57975 57976 6cf0d9f0 3 API calls 57975->57976 57975->57989 57977 6cf17eb5 57976->57977 57978 6cf0d9f0 3 API calls 57977->57978 57977->57989 57979 6cf17f6e 57978->57979 57980 6cf0d9f0 3 API calls 57979->57980 57979->57989 57981 6cf18081 57980->57981 57982 6cf0d9f0 3 API calls 57981->57982 57981->57989 57983 6cf180ca 57982->57983 57984 6cf0d9f0 3 API calls 57983->57984 57983->57989 57985 6cf180f9 57984->57985 57986 6cf0d9f0 3 API calls 57985->57986 57985->57989 57987 6cf18175 57986->57987 57988 6cf0d9f0 3 API calls 57987->57988 57987->57989 57988->57989 57989->57947 57990->57924 57992 6cf0d944 SafeArrayCreateVector 57991->57992 57993 6cf0d936 57991->57993 57994 6cf0d981 57992->57994 57995 6cf0d95a 57992->57995 57993->57992 57997 6cf0d9d5 57994->57997 57998 6cf0d9ce SafeArrayDestroy 57994->57998 57995->57994 57996 6cf0d960 SafeArrayPutElement 57995->57996 57996->57994 57996->57995 57997->57951 57998->57997 58000 6cf0da11 SafeArrayCreateVector 57999->58000 58001 6cf0da03 57999->58001 58002 6cf0da27 SafeArrayPutElement 58000->58002 58006 6cf0da48 58000->58006 58001->58000 58003 6cf0da3d 58002->58003 58002->58006 58003->58002 58003->58006 58004 6cf0daa4 58004->57959 58005 6cf0da9d SafeArrayDestroy 58005->58004 58006->58004 58006->58005 58008 6cf1b5b5 58007->58008 58009 6cf1b5cb VariantInit VariantInit 58007->58009 58008->57929 58011 6cf1b5ee 58009->58011 58010 6cf1b675 VariantClear VariantClear 58010->57929 58011->58010 58015 6cf0af97 58012->58015 58013 6cf0b22c VariantClear VariantClear VariantClear 58014 6cf0b254 58013->58014 58014->57931 58015->58013 58016 6cf0affe VariantCopy 58015->58016 58017 6cf0b017 58016->58017 58018 6cf0b01d VariantClear 58016->58018 58017->58018 58019 
6cf0b035 58018->58019 58019->58013 58020 6cf59bb5 77 API calls 58019->58020 58021 6cf0b0ae 58020->58021 58032 6cf5a136 66 API calls __write_nolock 58021->58032 58023 6cf0b108 58024 6cf0b190 SafeArrayGetLBound SafeArrayGetUBound 58023->58024 58025 6cf0b28d VariantClear VariantClear VariantClear 58023->58025 58029 6cf0b1fd collate 58023->58029 58026 6cf0b28b 58024->58026 58027 6cf0b1bf SafeArrayAccessData 58024->58027 58028 6cf0b2ba 58025->58028 58026->58025 58027->58026 58030 6cf0b1d3 _memmove 58027->58030 58028->57931 58029->58013 58031 6cf0b1eb SafeArrayUnaccessData 58030->58031 58031->58026 58031->58029 58032->58023 58034 6cf08d88 LeaveCriticalSection 58033->58034 58034->57937 58034->57938 58036 6cf0be01 58035->58036 58037 6cf0be2c SafeArrayDestroy 58036->58037 58038 6cf0be33 58036->58038 58037->58038 58039 6cf0befd collate 58038->58039 58041 6cf0be6a IsBadReadPtr 58038->58041 58044 6cf0be77 58038->58044 58042 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 58039->58042 58040 6cf0af30 92 API calls 58040->58039 58041->58044 58043 6cf0c00f 58042->58043 58043->57939 58044->58040 58046 6cf08e39 58045->58046 58047 6cf08e7c EnterCriticalSection 58046->58047 58053 6cf08f7f collate 58046->58053 58048 6cf08e9e 58047->58048 58049 6cf08eac LeaveCriticalSection 58048->58049 58050 6cf08ebd 58049->58050 58049->58053 58051 6cf59bb5 77 API calls 58050->58051 58052 6cf08ec4 _memset 58051->58052 58055 6cf0c020 VariantInit VariantInit VariantInit VariantInit 58052->58055 58053->57941 58058 6cf0c098 58055->58058 58056 6cf0c307 VariantClear VariantClear VariantClear VariantClear 58057 6cf0c336 58056->58057 58057->58053 58058->58056 58059 6cf0b300 10 API calls 58058->58059 58062 6cf0c10c 58059->58062 58060 6cf1b6b0 233 API calls 58061 6cf0c234 58060->58061 58061->58056 58062->58056 58062->58060 58062->58061 58064 6cf09121 58063->58064 58065 6cf0912c EnterCriticalSection 58063->58065 58064->57782 
58066 6cf09150 58065->58066 58067 6cf0915b LeaveCriticalSection 58066->58067 58068 6cf0923f 58067->58068 58069 6cf0916a EnterCriticalSection 58067->58069 58068->57782 58070 6cf09185 58069->58070 58071 6cf09190 LeaveCriticalSection 58070->58071 58071->58068 58072 6cf091a1 58071->58072 58079 6cf16b10 58072->58079 58083 6cf16b64 58079->58083 58080 6cf16f19 InterlockedCompareExchange 58082 6cf091f3 58080->58082 58082->58068 58150 6cf09840 58082->58150 58083->58080 58165 6cf22e20 58083->58165 58085 6cf16f12 SafeArrayDestroy 58085->58080 58086 6cf16bc2 58086->58080 58149 6cf16edd 58086->58149 58168 6cf228c0 InterlockedCompareExchange 58086->58168 58088 6cf16c6b 58088->58080 58089 6cf16c7e SafeArrayGetLBound 58088->58089 58088->58149 58090 6cf16c99 SafeArrayGetUBound 58089->58090 58089->58149 58091 6cf16cb4 SafeArrayAccessData 58090->58091 58090->58149 58092 6cf16cd5 58091->58092 58091->58149 58169 6cf15760 67 API calls std::tr1::_Xweak 58092->58169 58094 6cf16cf5 SafeArrayUnaccessData 58095 6cf16d07 58094->58095 58094->58149 58095->58149 58170 6cf01690 77 API calls 58095->58170 58097 6cf16d2c 58098 6cf59bb5 77 API calls 58097->58098 58099 6cf16d3f 58098->58099 58100 6cf05050 77 API calls 58099->58100 58101 6cf16d59 58100->58101 58102 6cf59bb5 77 API calls 58101->58102 58103 6cf16d63 58102->58103 58104 6cf05050 77 API calls 58103->58104 58105 6cf16d7f 58104->58105 58106 6cf59bb5 77 API calls 58105->58106 58107 6cf16d86 58106->58107 58108 6cf05050 77 API calls 58107->58108 58109 6cf16da0 58108->58109 58171 6cf050c0 77 API calls 58109->58171 58111 6cf16dab 58112 6cf59bb5 77 API calls 58111->58112 58113 6cf16db2 58112->58113 58114 6cf05050 77 API calls 58113->58114 58115 6cf16dcf 58114->58115 58172 6cf050c0 77 API calls 58115->58172 58117 6cf16dda 58118 6cf59bb5 77 API calls 58117->58118 58119 6cf16de7 58118->58119 58120 6cf05050 77 API calls 58119->58120 58121 6cf16e01 58120->58121 58173 6cf050c0 77 API calls 58121->58173 58123 6cf16e0c 58124 6cf59bb5 77 API calls 
58123->58124 58125 6cf16e19 58124->58125 58126 6cf05050 77 API calls 58125->58126 58127 6cf16e33 58126->58127 58128 6cf59bb5 77 API calls 58127->58128 58129 6cf16e3a 58128->58129 58130 6cf05050 77 API calls 58129->58130 58131 6cf16e58 58130->58131 58132 6cf59bb5 77 API calls 58131->58132 58133 6cf16e5f 58132->58133 58134 6cf05050 77 API calls 58133->58134 58135 6cf16e79 58134->58135 58174 6cf050c0 77 API calls 58135->58174 58137 6cf16e84 58175 6cf050c0 77 API calls 58137->58175 58139 6cf16e8f 58140 6cf59bb5 77 API calls 58139->58140 58141 6cf16e9b 58140->58141 58142 6cf05050 77 API calls 58141->58142 58143 6cf16eb5 58142->58143 58176 6cf050c0 77 API calls 58143->58176 58145 6cf16ec0 58177 6cf050c0 77 API calls 58145->58177 58147 6cf16ecb 58178 6cf02a40 327 API calls 58147->58178 58149->58080 58149->58085 58151 6cf59bb5 77 API calls 58150->58151 58152 6cf09865 58151->58152 58153 6cf09227 58152->58153 58179 6cf59533 66 API calls std::exception::_Copy_str 58152->58179 58158 6cf07140 58153->58158 58155 6cf098ab 58180 6cf5ac75 RaiseException 58155->58180 58157 6cf098c0 58181 6cf22820 58158->58181 58160 6cf0719c 58164 6cf071d7 58160->58164 58186 6cf5919e 67 API calls 3 library calls 58160->58186 58162 6cf071f8 58162->57782 58164->58162 58187 6cf59d2c 66 API calls 2 library calls 58164->58187 58166 6cf22e67 58165->58166 58166->58086 58167 6cf22e9f InterlockedCompareExchange 58166->58167 58167->58086 58168->58088 58169->58094 58170->58097 58171->58111 58172->58117 58173->58123 58174->58137 58175->58139 58176->58145 58177->58147 58178->58149 58179->58155 58180->58157 58182 6cf22845 58181->58182 58183 6cf228af 58182->58183 58184 6cf59d66 _malloc 66 API calls 58182->58184 58183->58160 58185 6cf22876 58184->58185 58185->58160 58186->58164 58187->58162 58190 529d2ee CreateProcessA 58188->58190 58191 529d554 58190->58191 58191->57515 58194 529d270 CreateProcessA 58192->58194 58195 529d554 58194->58195 58195->57515 58197 529d7b8 Wow64SetThreadContext 58196->58197 58198 529d80d 
58197->58198 58198->57516 58200 529d770 Wow64SetThreadContext 58199->58200 58202 529d80d 58200->58202 58202->57516 58204 529d870 VirtualAllocEx 58203->58204 58206 529d92e 58204->58206 58206->57517 58208 529d8b8 VirtualAllocEx 58207->58208 58209 529d92e 58208->58209 58209->57517 58211 529d9e0 WriteProcessMemory 58210->58211 58213 529da77 58211->58213 58213->57520 58215 529d990 WriteProcessMemory 58214->58215 58217 529da77 58215->58217 58217->57520 58219 529db2d ResumeThread 58218->58219 58220 529db77 58219->58220 58220->57523 58222 529dae8 ResumeThread 58221->58222 58224 529db77 58222->58224 58224->57523 58582 5295010 58583 529502c 58582->58583 58584 5295090 58583->58584 58586 5295100 58583->58586 58587 5295137 58586->58587 58591 5295918 58587->58591 58595 5295910 58587->58595 58588 52951aa 58588->58584 58592 529595c 58591->58592 58599 6cf22ed0 58592->58599 58593 52959a3 58593->58588 58596 5295915 58595->58596 58598 6cf22ed0 327 API calls 58596->58598 58597 52959a3 58597->58588 58598->58597 58600 6cf22f09 58599->58600 58620 6cf23006 collate 58599->58620 58601 6cf59bb5 77 API calls 58600->58601 58602 6cf22f31 58601->58602 58603 6cf59bb5 77 API calls 58602->58603 58604 6cf22f54 58603->58604 58605 6cf05050 77 API calls 58604->58605 58606 6cf22f6e 58605->58606 58607 6cf59bb5 77 API calls 58606->58607 58608 6cf22f75 58607->58608 58609 6cf05050 77 API calls 58608->58609 58610 6cf22f8f 58609->58610 58611 6cf59bb5 77 API calls 58610->58611 58612 6cf22f96 58611->58612 58613 6cf05050 77 API calls 58612->58613 58614 6cf22fb0 58613->58614 58615 6cf59bb5 77 API calls 58614->58615 58616 6cf22fb7 58615->58616 58617 6cf05050 77 API calls 58616->58617 58618 6cf22fd1 58617->58618 58619 6cf016b0 327 API calls 58618->58619 58619->58620 58620->58593 58225 6cf216af 58226 6cf216b4 58225->58226 58227 6cf2170f 58226->58227 58229 6cf59bb5 77 API calls 58226->58229 58228 6cf21769 58227->58228 58231 6cf59bb5 77 API calls 58227->58231 58230 6cf217c3 58228->58230 58233 6cf59bb5 77 API calls 
58228->58233 58232 6cf216cd 58229->58232 58235 6cf59bb5 77 API calls 58230->58235 58241 6cf2181d 58230->58241 58239 6cf21727 58231->58239 58236 6cf216e9 58232->58236 58275 6cf1ea40 58232->58275 58237 6cf21781 58233->58237 58242 6cf217db 58235->58242 58280 6cf08400 58236->58280 58244 6cf2179d 58237->58244 58251 6cf1ea40 78 API calls 58237->58251 58238 6cf21743 58248 6cf08400 77 API calls 58238->58248 58239->58238 58246 6cf1ea40 78 API calls 58239->58246 58240 6cf21877 58245 6cf218d1 58240->58245 58252 6cf59bb5 77 API calls 58240->58252 58241->58240 58247 6cf59bb5 77 API calls 58241->58247 58249 6cf217f7 58242->58249 58255 6cf1ea40 78 API calls 58242->58255 58258 6cf08400 77 API calls 58244->58258 58246->58238 58253 6cf21835 58247->58253 58254 6cf2175f 58248->58254 58262 6cf08400 77 API calls 58249->58262 58251->58244 58257 6cf2188f 58252->58257 58259 6cf21851 58253->58259 58260 6cf1ea40 78 API calls 58253->58260 58289 6cf080b0 67 API calls collate 58254->58289 58255->58249 58263 6cf218ab 58257->58263 58267 6cf1ea40 78 API calls 58257->58267 58264 6cf217b9 58258->58264 58265 6cf08400 77 API calls 58259->58265 58260->58259 58266 6cf21813 58262->58266 58269 6cf08400 77 API calls 58263->58269 58290 6cf080b0 67 API calls collate 58264->58290 58270 6cf2186d 58265->58270 58291 6cf080b0 67 API calls collate 58266->58291 58267->58263 58272 6cf218c7 58269->58272 58292 6cf080b0 67 API calls collate 58270->58292 58293 6cf080b0 67 API calls collate 58272->58293 58276 6cf59bb5 77 API calls 58275->58276 58277 6cf1ea6b 58276->58277 58278 6cf1ea7e SysAllocString 58277->58278 58279 6cf1ea99 58277->58279 58278->58279 58279->58236 58281 6cf59bb5 77 API calls 58280->58281 58282 6cf0840d 58281->58282 58283 6cf08416 58282->58283 58294 6cf59533 66 API calls std::exception::_Copy_str 58282->58294 58288 6cf080b0 67 API calls collate 58283->58288 58285 6cf0844e 58295 6cf5ac75 RaiseException 58285->58295 58287 6cf08463 58288->58227 58289->58228 58290->58230 58291->58241 58292->58240 
58293->58245 58294->58285 58295->58287 58621 6cf1e2ce 58622 6cf59bb5 77 API calls 58621->58622 58623 6cf1e2d5 58622->58623 58624 6cf1e2ee 58623->58624 58678 6cf21fd0 58623->58678 58626 6cf1e343 58624->58626 58629 6cf59bb5 77 API calls 58624->58629 58627 6cf1e360 58626->58627 58628 6cf1e3a6 58626->58628 58630 6cf59bb5 77 API calls 58627->58630 58634 6cf59bb5 77 API calls 58628->58634 58677 6cf1e564 collate 58628->58677 58633 6cf1e327 58629->58633 58631 6cf1e367 58630->58631 58718 6cf21910 78 API calls 2 library calls 58631->58718 58632 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 58635 6cf1e76e 58632->58635 58703 6cf1eae0 58633->58703 58637 6cf1e400 58634->58637 58640 6cf59bb5 77 API calls 58637->58640 58639 6cf1e384 58719 6cf21b20 11 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 58639->58719 58641 6cf1e428 58640->58641 58644 6cf05050 77 API calls 58641->58644 58643 6cf1e399 58643->58628 58645 6cf1e442 58644->58645 58646 6cf59bb5 77 API calls 58645->58646 58647 6cf1e449 58646->58647 58648 6cf05050 77 API calls 58647->58648 58649 6cf1e463 58648->58649 58650 6cf59bb5 77 API calls 58649->58650 58651 6cf1e46a 58650->58651 58652 6cf05050 77 API calls 58651->58652 58653 6cf1e484 58652->58653 58654 6cf59bb5 77 API calls 58653->58654 58655 6cf1e48b 58654->58655 58656 6cf05050 77 API calls 58655->58656 58657 6cf1e4a5 58656->58657 58658 6cf59bb5 77 API calls 58657->58658 58659 6cf1e4ac 58658->58659 58660 6cf05050 77 API calls 58659->58660 58661 6cf1e4c6 58660->58661 58662 6cf1e4d3 58661->58662 58720 6cf5919e 67 API calls 3 library calls 58661->58720 58664 6cf59bb5 77 API calls 58662->58664 58665 6cf1e4e3 58664->58665 58666 6cf05050 77 API calls 58665->58666 58667 6cf1e4fd 58666->58667 58668 6cf59bb5 77 API calls 58667->58668 58669 6cf1e504 58668->58669 58670 6cf05050 77 API calls 58669->58670 58671 
6cf1e51e 58670->58671 58672 6cf59bb5 77 API calls 58671->58672 58673 6cf1e525 58672->58673 58674 6cf05050 77 API calls 58673->58674 58675 6cf1e53f 58674->58675 58676 6cf016b0 327 API calls 58675->58676 58676->58677 58677->58632 58679 6cf59bb5 77 API calls 58678->58679 58680 6cf22013 58679->58680 58681 6cf221f3 58680->58681 58682 6cf22020 58680->58682 58755 6cf59533 66 API calls std::exception::_Copy_str 58681->58755 58721 6cf26480 58682->58721 58685 6cf2220b 58756 6cf5ac75 RaiseException 58685->58756 58687 6cf22226 58688 6cf2206c 58737 6cef35f0 58688->58737 58690 6cf2216e 58748 6cf22300 58690->58748 58692 6cf22194 58693 6cf22300 77 API calls 58692->58693 58694 6cf221a0 58693->58694 58695 6cf22300 77 API calls 58694->58695 58696 6cf221ad 58695->58696 58697 6cf22300 77 API calls 58696->58697 58698 6cf221ba 58697->58698 58699 6cf22300 77 API calls 58698->58699 58700 6cf221c6 58699->58700 58701 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 58700->58701 58702 6cf221ef 58701->58702 58702->58624 58704 6cf59bb5 77 API calls 58703->58704 58705 6cf1eb17 58704->58705 58706 6cf1eb22 58705->58706 58707 6cf1f4c9 58705->58707 58801 6cf5a25a GetSystemTimeAsFileTime 58706->58801 58809 6cf59533 66 API calls std::exception::_Copy_str 58707->58809 58709 6cf1f4dc 58810 6cf5ac75 RaiseException 58709->58810 58712 6cf1f4f1 58713 6cf1eb5b 58803 6cf59dfa 58713->58803 58718->58639 58719->58643 58720->58662 58722 6cf2655d 58721->58722 58725 6cf264c8 58721->58725 58723 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 58722->58723 58724 6cf2657d 58723->58724 58724->58688 58725->58722 58726 6cf2651d 58725->58726 58757 6cef2f40 77 API calls 58725->58757 58726->58722 58760 6cef2f40 77 API calls 58726->58760 58729 6cf264f5 58758 6cf26400 77 API calls std::tr1::_Xweak 58729->58758 58730 6cf26535 58761 6cf26400 77 API 
calls std::tr1::_Xweak 58730->58761 58733 6cf2654e 58762 6cf5ac75 RaiseException 58733->58762 58734 6cf2650e 58759 6cf5ac75 RaiseException 58734->58759 58763 6cf46d40 58737->58763 58740 6cf26480 77 API calls 58741 6cef364c 58740->58741 58770 6cef4b30 58741->58770 58743 6cef36a7 58774 6cf286e0 58743->58774 58745 6cef36bc 58746 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 58745->58746 58747 6cef3701 58746->58747 58747->58690 58749 6cf2231d 58748->58749 58750 6cf59bb5 77 API calls 58749->58750 58754 6cf223aa 58749->58754 58752 6cf22331 58750->58752 58751 6cf22374 collate 58751->58692 58752->58751 58800 6cf22480 77 API calls 58752->58800 58754->58692 58755->58685 58756->58687 58757->58729 58758->58734 58759->58726 58760->58730 58761->58733 58762->58722 58764 6cf26480 77 API calls 58763->58764 58765 6cf46d7f 58764->58765 58782 6cf28d80 58765->58782 58768 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 58769 6cef3630 58768->58769 58769->58740 58771 6cef4b65 58770->58771 58792 6cef4fa0 58771->58792 58773 6cef4b7f 58773->58743 58775 6cf28728 58774->58775 58776 6cf28765 58775->58776 58798 6cf27cd0 77 API calls 3 library calls 58775->58798 58777 6cf5948b __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 58776->58777 58778 6cf2878a 58777->58778 58778->58745 58780 6cf28756 58799 6cf5ac75 RaiseException 58780->58799 58783 6cf59d66 _malloc 66 API calls 58782->58783 58786 6cf28d8f 58783->58786 58784 6cf28dbb 58784->58768 58785 6cf591f6 70 API calls 58785->58786 58786->58784 58786->58785 58787 6cf28dc1 std::exception::exception 58786->58787 58790 6cf59d66 _malloc 66 API calls 58786->58790 58791 6cf5ac75 RaiseException 58787->58791 58789 6cf28df0 58790->58786 58791->58789 58793 6cf59bb5 77 API calls 58792->58793 58794 
6cef4fcf 58793->58794 58795 6cef4ff1 58794->58795 58797 6cef5050 81 API calls _memcpy_s 58794->58797 58795->58773 58797->58795 58798->58780 58799->58776 58800->58754 58802 6cf5a28a __aulldiv 58801->58802 58802->58713 58811 6cf5eae6 58803->58811 58806 6cf59e0c 58807 6cf5eae6 __getptd 66 API calls 58806->58807 58808 6cf1eb69 58807->58808 58808->58626 58809->58709 58810->58712 58816 6cf5ea6d GetLastError 58811->58816 58813 6cf5eaee 58814 6cf1eb61 58813->58814 58831 6cf5d4f6 66 API calls 3 library calls 58813->58831 58814->58806 58817 6cf5e948 ___set_flsgetvalue 3 API calls 58816->58817 58818 6cf5ea84 58817->58818 58819 6cf5ea8c 58818->58819 58820 6cf5eada SetLastError 58818->58820 58832 6cf5cb28 66 API calls __calloc_crt 58819->58832 58820->58813 58822 6cf5ea98 58822->58820 58823 6cf5eaa0 DecodePointer 58822->58823 58824 6cf5eab5 58823->58824 58825 6cf5ead1 58824->58825 58826 6cf5eab9 58824->58826 58834 6cf59d2c 66 API calls 2 library calls 58825->58834 58833 6cf5e9b9 66 API calls 4 library calls 58826->58833 58829 6cf5ead7 58829->58820 58830 6cf5eac1 GetCurrentThreadId 58830->58820 58832->58822 58833->58830 58834->58829

Control-flow Graph

Legend: Executed / Not Executed

[Control-flow graph of function 6cf1b6b0 (graph image not reproduced)]
                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1B73F
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1B748
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF1B7BE
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF1B7F5
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1B801
                                                                            • Part of subcall function 6CF1C850: VariantInit.OLEAUT32(?), ref: 6CF1C88F
                                                                            • Part of subcall function 6CF1C850: VariantInit.OLEAUT32(?), ref: 6CF1C895
                                                                            • Part of subcall function 6CF1C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF1C8A0
                                                                            • Part of subcall function 6CF1C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF1C8D5
                                                                            • Part of subcall function 6CF1C850: VariantClear.OLEAUT32(?), ref: 6CF1C8E1
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1BA15
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1BE90
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1BEA3
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1BEA9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                          • String ID:
                                                                          • API String ID: 2012514194-0
                                                                          • Opcode ID: f93c4e5ae155a5a21d1e8a12434442f3b12e453641f745e144529c106ab55c0b
                                                                          • Instruction ID: 02c7a6857018c6fce1172aa77eec28e3e0b92253c75ae6a8ea1afa70eefae25a
                                                                          • Opcode Fuzzy Hash: f93c4e5ae155a5a21d1e8a12434442f3b12e453641f745e144529c106ab55c0b
                                                                          • Instruction Fuzzy Hash: B5527DB1D04218DFDB15DFA8C880BEEBBB6BF49304F148599E509ABB50DB70A945CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph (first basic block 5ca0eb3-5ca0ece; nodes marked Executed / Not Executed)
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<^q$p<^q$p<^q$p<^q$Gvq$Gvq$Gvq$Gvq$Gvq
                                                                          • API String ID: 0-3728642687
                                                                          • Opcode ID: 346b624d3dd50bbc20e4afcbdbed55552ce89dfa13701081de8a50f14242df2f
                                                                          • Instruction ID: f0a966cd0b3649dce57dbe77c339e8741043d3d824c9990135b48437655b86b2
                                                                          • Opcode Fuzzy Hash: 346b624d3dd50bbc20e4afcbdbed55552ce89dfa13701081de8a50f14242df2f
                                                                          • Instruction Fuzzy Hash: EE82C375E002298FDB64DF69C988BD9BBB2BB48300F1485E9D50DAB365DB309E85CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph (first basic block 6cf0b6c0-6cf0b715; nodes marked Executed / Not Executed)
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(mscoree.dll,8193A27A), ref: 6CF0B711
                                                                          • LoadLibraryW.KERNEL32(mscoree.dll), ref: 6CF0B71C
                                                                          • GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6CF0B730
                                                                          • __cftoe.LIBCMT ref: 6CF0B870
                                                                          • GetModuleHandleW.KERNEL32(?), ref: 6CF0B88B
                                                                          • GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6CF0B8D7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: AddressHandleModuleProc$LibraryLoad__cftoe
                                                                          • String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
                                                                          • API String ID: 1275574042-506955582
                                                                          • Opcode ID: ebe81b5fb663e1356690e30652fe4ec27344960b4fdeff7855630860003cd1eb
                                                                          • Instruction ID: 29ae6bdf4380f91440a863582bb578670f4abbadd5f1e06c81c15bd65c8200cc
                                                                          • Opcode Fuzzy Hash: ebe81b5fb663e1356690e30652fe4ec27344960b4fdeff7855630860003cd1eb
                                                                          • Instruction Fuzzy Hash: 50918B71E062499FDB04DFE8C8909AEBBB4FF49314F608A6CE119EB750D730A906CB54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o^q$(o^q$,bq$,bq$Hbq
                                                                          • API String ID: 0-3486158592
                                                                          • Opcode ID: 872ba846f60f648b63b33524c65fa3c9f6edc71ced1048b43c94bf462aac790a
                                                                          • Instruction ID: fa1eb87985a7a0ddfe463941882ee1f4b3b15573b3ff429be498caa48d0e223c
                                                                          • Opcode Fuzzy Hash: 872ba846f60f648b63b33524c65fa3c9f6edc71ced1048b43c94bf462aac790a
                                                                          • Instruction Fuzzy Hash: B6628031B001159FCB18DF68C494AADBBB6BF88354F25856DE909DB3A4DB31EC41CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: D
                                                                          • API String ID: 0-2746444292
                                                                          • Opcode ID: 6a0e99e9071d6021a9e7e7fa4de3c7fca65b1df6e0108278c49e254d62eb871c
                                                                          • Instruction ID: cc9ff7c3e0c5a645f63251bf48bafed2dba93368c8d160a8169d56a48ab1bc20
                                                                          • Opcode Fuzzy Hash: 6a0e99e9071d6021a9e7e7fa4de3c7fca65b1df6e0108278c49e254d62eb871c
                                                                          • Instruction Fuzzy Hash: 4D52D874A00219CFCB64DF68C998A9DB7B6FF89300F1081E9D549AB365CB35AE81CF51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 8cq
                                                                          • API String ID: 0-304758316
                                                                          • Opcode ID: 635cd379aefa3784e6ceb83fded01df9df3828cf26fb5e0dc444938c3af93393
                                                                          • Instruction ID: 6d75124d73f3a3b2c160e7123d71b2ea8f2b54dd9396be8144d676fd6e4f3b79
                                                                          • Opcode Fuzzy Hash: 635cd379aefa3784e6ceb83fded01df9df3828cf26fb5e0dc444938c3af93393
                                                                          • Instruction Fuzzy Hash: 9F31E475D41208AFDB04CFA9D880AEEBBF6FF49310F10906AE911B7360DB719A45CB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 8cq
                                                                          • API String ID: 0-304758316
                                                                          • Opcode ID: 0d5cfe766e6177694d0eb0e08332ea9709449b5498acbe6b7d50b9d330cb2bb5
                                                                          • Instruction ID: e8f5f2b371b06258d27c8bef5fac76d1c343fffdc32b3bc2faa407ca708d5c33
                                                                          • Opcode Fuzzy Hash: 0d5cfe766e6177694d0eb0e08332ea9709449b5498acbe6b7d50b9d330cb2bb5
                                                                          • Instruction Fuzzy Hash: 0831E475D41208AFDB04CFA8D480AEEBBF5FF49310F10906AE911B7260DB719A05CB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 389c8b7fa197d38586ad763160621a5e9352c8eafea4e9238bbfef8b7cf39237
                                                                          • Instruction ID: 3fcbd6538fea4c684d436d98ff30694fb1ca3743b61b0826b77f639c42ff0300
                                                                          • Opcode Fuzzy Hash: 389c8b7fa197d38586ad763160621a5e9352c8eafea4e9238bbfef8b7cf39237
                                                                          • Instruction Fuzzy Hash: 8F729F74A002288FDB65DF64C958BDDBBB2BB88300F1081E9D94DA7364DB365E85CF41
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c710d09684543cdcbfcc546fd9180d7f53eb7239c8c9070eb8e58446be34479a
                                                                          • Instruction ID: b84c4d8d644bb840a0086fac322db19b4fd9291bbebb3e314311645428812144
                                                                          • Opcode Fuzzy Hash: c710d09684543cdcbfcc546fd9180d7f53eb7239c8c9070eb8e58446be34479a
                                                                          • Instruction Fuzzy Hash: 01329F74E012299FDB64DFA9C890BEDBBB2BF89300F1081AAD549A7354DB305E81CF51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8cfebd4e4df3132abbb9ae8efe00ff137c50b3ab83b15744f9f9213bd35c0981
                                                                          • Instruction ID: 2ab845bcd74dad9fe40150a2c42c088d69cbed586a43226b06369ab326064004
                                                                          • Opcode Fuzzy Hash: 8cfebd4e4df3132abbb9ae8efe00ff137c50b3ab83b15744f9f9213bd35c0981
                                                                          • Instruction Fuzzy Hash: 05129074E01228CFEB64DF69D994BADBBB2BF89300F2081A9D44DA7255DB305E81CF51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: eeb3a6a4c9cf4806dfb5e57177d130f4fd718da1a01129b57be5da8979e4b533
                                                                          • Instruction ID: 19b73cd6d20124fd864e2c42a657da76fb04cc5a005791b113ddd3efce3ee233
                                                                          • Opcode Fuzzy Hash: eeb3a6a4c9cf4806dfb5e57177d130f4fd718da1a01129b57be5da8979e4b533
                                                                          • Instruction Fuzzy Hash: B591B074E012289FDB68DFA9C850BDDBBB2BF89300F1081AAD54DAB354DB345A85CF51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7a950b8b15737f2674404909e551bde89810ec7ed9c77f44c8c0538cb6db5abc
                                                                          • Instruction ID: d5aa07369cf79995beed8f11dea9a5576bc4feefc72de56699143f449d39235b
                                                                          • Opcode Fuzzy Hash: 7a950b8b15737f2674404909e551bde89810ec7ed9c77f44c8c0538cb6db5abc
                                                                          • Instruction Fuzzy Hash: BF41D2B0E0562CCBEB68CF2AD8447D9BAF6BF89300F14C5A9D549A7254DB700A81CF51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF184BF
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF184D2
                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6CF1850A
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF194C1
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF194D4
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF1950C
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF197A4
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF197B7
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF197F2
                                                                            • Part of subcall function 6CF13A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF13B71
                                                                            • Part of subcall function 6CF13A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF13B83
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF19D5F
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF19D72
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF19DAF
                                                                            • Part of subcall function 6CF13A90: SafeArrayDestroy.OLEAUT32(?), ref: 6CF13BCF
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF1A1BC
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF1A1CF
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF1A20C
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                          • String ID: A
                                                                          • API String ID: 959723449-3554254475
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF129F6
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF12A08
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF12A2F
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF12ABB
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF12B3F
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12C04
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12C0B
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12C12
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12C96
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12C9D
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12CD6
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12CDD
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12CE4
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF12D1B
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12D45
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12D4C
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12D53
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
                                                                          • String ID:
                                                                          • API String ID: 214056513-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF0AF75
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF0AF7C
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF0AF83
                                                                          • VariantCopy.OLEAUT32(?,?), ref: 6CF0B00D
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0B027
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF0B19C
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF0B1AA
                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 6CF0B1C5
                                                                          • _memmove.LIBCMT ref: 6CF0B1E6
                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 6CF0B1EF
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0B237
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0B23E
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0B245
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0B29D
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0B2A4
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0B2AB
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
                                                                          • String ID:
                                                                          • API String ID: 3403836469-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32 ref: 6CF1D4B3
                                                                          • VariantInit.OLEAUT32 ref: 6CF1D4C5
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1D4CC
                                                                          • _malloc.LIBCMT ref: 6CF1D551
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF1D58B
                                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6CF1D5A6
                                                                          • SafeArrayAccessData.OLEAUT32 ref: 6CF1D5B8
                                                                          Similarity
                                                                          • API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
                                                                          • String ID:
                                                                          • API String ID: 1552365394-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32 ref: 6CF1D4B3
                                                                          • VariantInit.OLEAUT32 ref: 6CF1D4C5
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1D4CC
                                                                          • _malloc.LIBCMT ref: 6CF1D551
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF1D58B
                                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6CF1D5A6
                                                                          • SafeArrayAccessData.OLEAUT32 ref: 6CF1D5B8
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF1D601
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF1D63E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
                                                                          • String ID:
                                                                          • API String ID: 2723946344-0
                                                                          • Opcode ID: 11e399da83f657c58b7710cca1bb24be49fdf10925166126a98f8f7ea087b559
                                                                          • Instruction ID: 277746a7712a65a26637b0fca644beb660048689c425d7da2779d9b77d1ffe73
                                                                          • Opcode Fuzzy Hash: 11e399da83f657c58b7710cca1bb24be49fdf10925166126a98f8f7ea087b559
                                                                          • Instruction Fuzzy Hash: A89136B56083019FD315CF28C880A5BBBF9BF89308F15895DE9958BB51E770E905CFA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • [Graph: first block 6cf144c0-6cf14538; legend: Executed / Not Executed]
                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF144FF
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF14505
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF14516
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF14551
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1455A
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CF14579
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF14594
                                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CF145B5
                                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CF145CE
                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF1475A
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF14777
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14787
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1478D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
                                                                          • String ID:
                                                                          • API String ID: 1304965753-0
                                                                          • Opcode ID: f3a6ddc12f070c40405fe5601bea63aecc8d05ca7d6ac2ef46df31803bc22719
                                                                          • Instruction ID: ccfb6658887c75cd51e3a308b72fcbcd1f587b2e0ddb4fbfdf9c65908a282150
                                                                          • Opcode Fuzzy Hash: f3a6ddc12f070c40405fe5601bea63aecc8d05ca7d6ac2ef46df31803bc22719
                                                                          • Instruction Fuzzy Hash: B4A13C75A052069BDB54DFA4C984EAFB7B9FF8C714F14462CE506ABB80CA30E941CF60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • [Graph: first block 6cf1bf00-6cf1bf6a; legend: Executed / Not Executed]
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Init$Clear$Copy
                                                                          • String ID:
                                                                          • API String ID: 3833040332-0
                                                                          • Opcode ID: 50881a66a04989a3284ebc0ade6a89091c5a80b9e899e0ac92ffda0981002d1b
                                                                          • Instruction ID: 1e5b0d57ac96c36ed8ec5ebd27745e753e48c23314e8f9cf75fd476fa3a75e23
                                                                          • Opcode Fuzzy Hash: 50881a66a04989a3284ebc0ade6a89091c5a80b9e899e0ac92ffda0981002d1b
                                                                          • Instruction Fuzzy Hash: 2A819C71905219AFDB04EFA8C880FEEBBB9FF49308F144559E905A7B40DB71A905CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • [Graph: first block 6cf164d0-6cf16552; legend: Executed / Not Executed]
                                                                          APIs
                                                                          • VariantInit.OLEAUT32 ref: 6CF1650C
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF16519
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF16520
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6CF16531
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF1656D
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF16576
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF165B6
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF165BF
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF16666
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF16677
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1667E
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF16685
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                          • String ID:
                                                                          • API String ID: 1625659656-0
                                                                          • Opcode ID: 274980dface8548af631126af5d62767d7a257ebe06d6928795c8f887dae886f
                                                                          • Instruction ID: e747dc0679822c0f4a6860a1ebced2553092714477516ed3e2904dbf3e6bedfa
                                                                          • Opcode Fuzzy Hash: 274980dface8548af631126af5d62767d7a257ebe06d6928795c8f887dae886f
                                                                          • Instruction Fuzzy Hash: FC5126726183059FC701DF68C880A5BBBF9EFC9614F108A1DF95587650DB71E906CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • [Graph: first block 6cf1cb90-6cf1cc11; legend: Executed / Not Executed]
                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1CBCA
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1CBD3
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF1CBE4
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF1CBF6
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF1CC0D
                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CF1CC39
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1CC42
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF1CC5D
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF1CC77
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF1CCEC
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1CCFC
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1CD02
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
                                                                          • String ID:
                                                                          • API String ID: 3548156019-0
                                                                          • Opcode ID: 71d98ea9e8ce5bd93b332d92bd478d6d03589fea749bed542204c8cc5bb615a8
                                                                          • Instruction ID: 9e676060a820ff8f60d59663ee48cb19c460e7183446e6c33db7d83f19dd30d4
                                                                          • Opcode Fuzzy Hash: 71d98ea9e8ce5bd93b332d92bd478d6d03589fea749bed542204c8cc5bb615a8
                                                                          • Instruction Fuzzy Hash: 72513FB5D042599FDB00DFA8C884EDEBFB8FF49714F00816AEA15A7641D770A905CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • [Graph: first block 6cf0a350-6cf0a3bd; legend: Executed / Not Executed]
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$Init$Copy
                                                                          • String ID:
                                                                          • API String ID: 3214764494-0
                                                                          • Opcode ID: af2626ab96165bdc995b1c3b61ab2056c8b1f1eb6d195a47be2438145ac5b448
                                                                          • Instruction ID: b94f57094faa89f9a74a95ccbd3b3a9ccd2d5b32d4516f0afc1c99c8e98db8f5
                                                                          • Opcode Fuzzy Hash: af2626ab96165bdc995b1c3b61ab2056c8b1f1eb6d195a47be2438145ac5b448
                                                                          • Instruction Fuzzy Hash: 997136766083419FD700DF69C880A5BB7E8FF89B14F108A6DFA55CB690DB31E904CB62
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1CD5C
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1CD65
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1CD6B
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF1CD76
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF1CDAA
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1CDB7
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF1D2A5
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1D2B5
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1D2BB
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1D2C1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                          • String ID:
                                                                          • API String ID: 2515392200-0
                                                                          • Opcode ID: 9ed29585f659de288d58935fa3d62cb2846268965db979041f5ba126ef3ba1c6
                                                                          • Instruction ID: dfa0064d2f0651c37fd5c7233ba697f8504df92c35fded6742ee8a3aef94a3b4
                                                                          • Opcode Fuzzy Hash: 9ed29585f659de288d58935fa3d62cb2846268965db979041f5ba126ef3ba1c6
                                                                          • Instruction Fuzzy Hash: 38120675A15745AFC758DBA8DD84DAAB3B9BF8C300F14466CF50A9BB91CA30F841CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32 ref: 6CF166DB
                                                                          • VariantInit.OLEAUT32 ref: 6CF166EA
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF16700
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF1673A
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF16747
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF16787
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF16794
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF16849
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1685A
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF16861
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
                                                                          • String ID:
                                                                          • API String ID: 551789342-0
                                                                          • Opcode ID: 6b7f276e63b1edc9c5f4531f3237aa9eb93091ac92dcc3580570b7c63cb0aaf8
                                                                          • Instruction ID: 9e5d1057ce977d40fb362f2191b395bf01420b48189a93f37b979f633b6eb3bf
                                                                          • Opcode Fuzzy Hash: 6b7f276e63b1edc9c5f4531f3237aa9eb93091ac92dcc3580570b7c63cb0aaf8
                                                                          • Instruction Fuzzy Hash: 1B518972609201AFC701DF68C844B9BBBF9EF89714F118A1DF944DB650DB70E905CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF184BF
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF184D2
                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6CF1850A
                                                                            • Part of subcall function 6CF13A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF13B71
                                                                            • Part of subcall function 6CF13A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF13B83
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF16A08
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF16A15
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF16A41
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                            • Part of subcall function 6CF0DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF0DFF6
                                                                            • Part of subcall function 6CF0DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF0E003
                                                                            • Part of subcall function 6CF0DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF0E02F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                          • String ID:
                                                                          • API String ID: 959723449-0
                                                                          • Opcode ID: 954092079c9217bb34438006f97c057e30f908974c2a98b111f330ee313ef104
                                                                          • Instruction ID: 398ff7c2fd20086dee15dfc4b30519173848c16e908cd4fa9fe5def2ef6f1a42
                                                                          • Opcode Fuzzy Hash: 954092079c9217bb34438006f97c057e30f908974c2a98b111f330ee313ef104
                                                                          • Instruction Fuzzy Hash: 3CC18070A052049FDB00CF69CD90FAAB7B9AF45308F208599E519EBB86DB71ED44CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF141AF
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF141B5
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF141C0
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF141F5
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14201
                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF14450
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1446D
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1447D
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14483
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                          • String ID:
                                                                          • API String ID: 1774866819-0
                                                                          • Opcode ID: 3bdfdca687ccf5f656a91022d572b9b9c9fae207b3554e3a1682bbc49b68d6d8
                                                                          • Instruction ID: 1318ef8c2180958c93d933e6bcb7b52635a15e244e802c6eb0193cf78d5ff8c2
                                                                          • Opcode Fuzzy Hash: 3bdfdca687ccf5f656a91022d572b9b9c9fae207b3554e3a1682bbc49b68d6d8
                                                                          • Instruction Fuzzy Hash: 40B138756046099FCB14DF99C884EEAB7F9BF8D310F15856CE50AABB90DA34F841CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1C56F
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1C575
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF1C580
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF1C5B5
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1C5C1
                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF1C7D4
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1C7F1
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1C801
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1C807
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                          • String ID:
                                                                          • API String ID: 1774866819-0
                                                                          • Opcode ID: 0bea9a4fcbf65e0aeb0b6a514293acb16c2307c23009ee6fded436d1cf7668a8
                                                                          • Instruction ID: 05e1051280e90519f6d9cdbe5201cee8f2e8ad4805b7bf691e904339c012b98e
                                                                          • Opcode Fuzzy Hash: 0bea9a4fcbf65e0aeb0b6a514293acb16c2307c23009ee6fded436d1cf7668a8
                                                                          • Instruction Fuzzy Hash: 3CA13975A046099FCB14EF99C884EAAB7F5BF8D310F15856CE506ABB50DB34F841CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF168B2
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF168BD
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF168D7
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF168FD
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF16909
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF16923
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF16981
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1699E
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF169A4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
                                                                          • String ID:
                                                                          • API String ID: 3529038988-0
                                                                          • Opcode ID: 863a3cbe2021693e28908700901f97ab79bb79204c2eaccb5e19607c402b9437
                                                                          • Instruction ID: 94bbdd9b9aa51486fb765097c39129fc7068ac3d688f8ff5dae867cfa481c33b
                                                                          • Opcode Fuzzy Hash: 863a3cbe2021693e28908700901f97ab79bb79204c2eaccb5e19607c402b9437
                                                                          • Instruction Fuzzy Hash: FB417FB2E00219AFDB01DFA5C844AEEBBB8FF99314F154119E505E7740E771A905CFA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ClearInit
                                                                          • String ID:
                                                                          • API String ID: 2610073882-0
                                                                          • Opcode ID: 42a8deacdb163e6dccce19a5d25cd2f33102b0b517c1de39913463ddb735effb
                                                                          • Instruction ID: fe7f7b72303e0088b7c7bc66fffa7dd159cc2aacaafbec457f4f202626f1246a
                                                                          • Opcode Fuzzy Hash: 42a8deacdb163e6dccce19a5d25cd2f33102b0b517c1de39913463ddb735effb
                                                                          • Instruction Fuzzy Hash: E5C157716087009FC300EF58C89095BB7E5FFC9704F258A4DE59887765D731E845DBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CF16C8B
                                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CF16CA6
                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CF16CC7
                                                                            • Part of subcall function 6CF15760: std::tr1::_Xweak.LIBCPMT ref: 6CF15769
                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF16CF9
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF16F13
                                                                          • InterlockedCompareExchange.KERNEL32(6CF9C6A4,45524548,4B4F4F4C), ref: 6CF16F34
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                          • String ID:
                                                                          • API String ID: 2722669376-0
                                                                          • Opcode ID: adfa8b4dffbe2295aeeeb9deaf6d689bd1770b0ffdff0540194e5c78e5f27032
                                                                          • Instruction ID: 5d2c2c02f414bce83b91e9e27b9b0e88b4d1a8e16005d971d5e95b036d2229a2
                                                                          • Opcode Fuzzy Hash: adfa8b4dffbe2295aeeeb9deaf6d689bd1770b0ffdff0540194e5c78e5f27032
                                                                          • Instruction Fuzzy Hash: 91D1D0B1A142059FDB00CFA8C895BEE77B9EF44308F148569F905EBB81D7B5E904CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF01B53
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF01B5D
                                                                          • std::exception::exception.LIBCMT ref: 6CF01C43
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF01C58
                                                                          Strings
                                                                          • invalid vector<T> subscript, xrefs: 6CF01B58
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
                                                                          • String ID: invalid vector<T> subscript
                                                                          • API String ID: 3098024973-3016609489
                                                                          • Opcode ID: 87cce31bb792ec9b9be94e270fab6492e7fa78ba6d4bda4838dbb27e52611674
                                                                          • Instruction ID: 30a0573b6b15f9d1407c968996db97d8d6680df4322a4f10628ade7d42313456
                                                                          • Opcode Fuzzy Hash: 87cce31bb792ec9b9be94e270fab6492e7fa78ba6d4bda4838dbb27e52611674
                                                                          • Instruction Fuzzy Hash: CC226CB1D017099FCB24CFA4C0909EEBBF5BF44714F508A5DD45AABB50E770AA88CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(6CF131EC), ref: 6CF0DB5E
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF0DB6E
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0DB82
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0DBF1
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0DBFB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
                                                                          • String ID:
                                                                          • API String ID: 182531043-0
                                                                          • Opcode ID: 9733e3b603e99dff7ca715a2e9fb6b569ecd8d93507151017380ef113d8670de
                                                                          • Instruction ID: 3d6fdaa12baf1824477b910268fcda4bf54222b82c3cccb16cf15138ab5f8dd3
                                                                          • Opcode Fuzzy Hash: 9733e3b603e99dff7ca715a2e9fb6b569ecd8d93507151017380ef113d8670de
                                                                          • Instruction Fuzzy Hash: 3231A2B6A00205AFDB01DF55C844EEEBBF9FF89710F15815AE911A7740D734A801DFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: T@12
                                                                          • String ID: a0
                                                                          • API String ID: 456891419-3188653782
                                                                          • Opcode ID: 781f8785b726fbaffd15b2875df74f7bdd27738f7f621c462a7ccb9f2d873945
                                                                          • Instruction ID: e6695719c123ee5e98e28ee0655cc8e0287b0da113ab4bcde76e766ac19be631
                                                                          • Opcode Fuzzy Hash: 781f8785b726fbaffd15b2875df74f7bdd27738f7f621c462a7ccb9f2d873945
                                                                          • Instruction Fuzzy Hash: EA115770D0125666DB309AF74C4CFBF7AFC9BA1758F509414A625E2A50E738C571CAB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • _malloc.LIBCMT ref: 6CF59BCF
                                                                            • Part of subcall function 6CF59D66: __FF_MSGBANNER.LIBCMT ref: 6CF59D7F
                                                                            • Part of subcall function 6CF59D66: __NMSG_WRITE.LIBCMT ref: 6CF59D86
                                                                            • Part of subcall function 6CF59D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CF59BD4,6CEF1290,8193A27A), ref: 6CF59DAB
                                                                          • std::exception::exception.LIBCMT ref: 6CF59C04
                                                                          • std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                          • String ID:
                                                                          • API String ID: 615853336-0
                                                                          • Opcode ID: 146bce78e606153e7ccf1dc187b528100743a2868f49dad1d4b14d1c7611bc89
                                                                          • Instruction ID: 171f252e38978dab4c0cd12b5f18f2c021bab12edf0926032a668807f9105ded
                                                                          • Opcode Fuzzy Hash: 146bce78e606153e7ccf1dc187b528100743a2868f49dad1d4b14d1c7611bc89
                                                                          • Instruction Fuzzy Hash: F4F02DB1910109BBDF1CEF54DC45BDD7AF8AB21718F900809D60092F80CF718B26C660
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CF06C73
                                                                          • SafeArrayAccessData.OLEAUT32(00000000,6CF06C3C), ref: 6CF06C87
                                                                          • _memmove.LIBCMT ref: 6CF06C9A
                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF06CA3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
                                                                          • String ID:
                                                                          • API String ID: 3147195435-0
                                                                          • Opcode ID: 6d078bdf87b18a83e8a6d9a8cc99ab1ed0a9bb5a228cf15c543023b7061ac711
                                                                          • Instruction ID: bc668fc518c4d9b88aa676bdb1c703638ee574f5288e3c94fa1d307a8b3e25f0
                                                                          • Opcode Fuzzy Hash: 6d078bdf87b18a83e8a6d9a8cc99ab1ed0a9bb5a228cf15c543023b7061ac711
                                                                          • Instruction Fuzzy Hash: 2DF09A71314224ABEB126F51EC89F977FACEB86B65F008015FA088A240E6B0D500ABB1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (bq$(bq$d
                                                                          • API String ID: 0-3459434788
                                                                          • Opcode ID: 338506a78efc2de6ae9ac1766e214e18e355010f27347c8775bd26cc354db817
                                                                          • Instruction ID: 182e440255203be634ff8fe4c35f19911db0b94b25af42ef4c514783d66f801d
                                                                          • Opcode Fuzzy Hash: 338506a78efc2de6ae9ac1766e214e18e355010f27347c8775bd26cc354db817
                                                                          • Instruction Fuzzy Hash: 6752A0316006068FCB15CF69C48096AFBF6FF89314B25C66AE45A9B761D730FC46CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF22206
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF22221
                                                                            • Part of subcall function 6CF26480: __CxxThrowException@8.LIBCMT ref: 6CF26518
                                                                            • Part of subcall function 6CF26480: __CxxThrowException@8.LIBCMT ref: 6CF26558
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw$_mallocstd::exception::exception
                                                                          • String ID: ILProtector
                                                                          • API String ID: 84431791-1153028812
                                                                          • Opcode ID: 858a4fcb4a4cc47900c07a4e3767f30c58445c8753801bda60798d6d5df5d5df
                                                                          • Instruction ID: 8e67f86ebf26cd40dac0131d777b502742754cd0dc9efd4c514a448f0b6c7cb4
                                                                          • Opcode Fuzzy Hash: 858a4fcb4a4cc47900c07a4e3767f30c58445c8753801bda60798d6d5df5d5df
                                                                          • Instruction Fuzzy Hash: CA712875E05258DFCB14CFA8C844BEEBBB4EB49304F1081AAE419A7740DB756A48CFA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF0913B
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF0915C
                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6CF09170
                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CF09191
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID:
                                                                          • API String ID: 3168844106-0
                                                                          • Opcode ID: a170d3d055577c4956f05f27e82e3ed3ee0d90d2a98826fa555124f62264f34f
                                                                          • Instruction ID: f9186721290488e0a44a27f7749d495ab30640d172871b8584e1aab70334454c
                                                                          • Opcode Fuzzy Hash: a170d3d055577c4956f05f27e82e3ed3ee0d90d2a98826fa555124f62264f34f
                                                                          • Instruction Fuzzy Hash: 93416176A00209DFCB04DF95D9948EEBBB4FF48314B61859ED816AB701E730AA05CFE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32 ref: 6CF08E89
                                                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6CF08EAD
                                                                          • _memset.LIBCMT ref: 6CF08ED2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave_memset
                                                                          • String ID:
                                                                          • API String ID: 3751686142-0
                                                                          • Opcode ID: 3b7fadc9be93a3a2b8a9105a9b99bd72792b4fd2095131db6babcb63130e4c62
                                                                          • Instruction ID: 0d6e4e184831d578f541adb75e60ce8a11a3c8a237e0f65067c21902c49b99f0
                                                                          • Opcode Fuzzy Hash: 3b7fadc9be93a3a2b8a9105a9b99bd72792b4fd2095131db6babcb63130e4c62
                                                                          • Instruction Fuzzy Hash: A5514EB4B01205AFCB44CF58C890F9AB7B6FF49704F20855DE91A9BB81DB31EA55CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,?), ref: 6CF0DA16
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6CF0DA33
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0DA9E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                          • String ID:
                                                                          • API String ID: 3149346722-0
                                                                          • Opcode ID: 616ae9c1cad6e961a9b71092f7e7d2e1ee547b9dfc32c06f30bc48d333b9403d
                                                                          • Instruction ID: b03a3f54f3581afc388f17f964ff682d5287a46d7fc8f8b49844753a5c15af1c
                                                                          • Opcode Fuzzy Hash: 616ae9c1cad6e961a9b71092f7e7d2e1ee547b9dfc32c06f30bc48d333b9403d
                                                                          • Instruction Fuzzy Hash: 90215C71305206AFE705DFA9C890B9BB7A8AF4AB08F204059EA04CB641D771D901EB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CF0D949
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6CF0D96C
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0D9CF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                          • String ID:
                                                                          • API String ID: 3149346722-0
                                                                          • Opcode ID: 14ad1b78d59e95bfeb279996409ee9aa105081296dfb89ddcfd40d0a2f3f6855
                                                                          • Instruction ID: 4b872a9777c5300bcd117a60575f095b88477f2cde4dd0ceddb5b7475641c1f5
                                                                          • Opcode Fuzzy Hash: 14ad1b78d59e95bfeb279996409ee9aa105081296dfb89ddcfd40d0a2f3f6855
                                                                          • Instruction Fuzzy Hash: B7219D35701618AFEB02DF98C894FAB77B8EF8AB44F114098E944DB384D771D901EBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF1DB2D
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF1DB45
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF1DBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                          • String ID:
                                                                          • API String ID: 3149346722-0
                                                                          • Opcode ID: 3977c08c7d546ba15fb9970b6b273aa1668448f8695ccb51ab67ab510ca13470
                                                                          • Instruction ID: 46e4cf9255021697325c66224b3e173104defffced53c869911fbd470bc099dc
                                                                          • Opcode Fuzzy Hash: 3977c08c7d546ba15fb9970b6b273aa1668448f8695ccb51ab67ab510ca13470
                                                                          • Instruction Fuzzy Hash: 7011BC75746205AFD702DF69C888F9ABBB8FF5A314F058299E908DB741D730A900CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF24042
                                                                            • Part of subcall function 6CF59533: std::exception::_Copy_str.LIBCMT ref: 6CF5954E
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF24059
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C04
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                            • Part of subcall function 6CF59BB5: __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
                                                                          • String ID:
                                                                          • API String ID: 2813683038-0
                                                                          • Opcode ID: 0ad9e075186ac481ab97354dd888b70a6c559eb8c4007f6169d81be8b338d511
                                                                          • Instruction ID: 15de4e9cc354ba7179916c405b61a38b1089efdf74f30a6c583d8f70c1b158df
                                                                          • Opcode Fuzzy Hash: 0ad9e075186ac481ab97354dd888b70a6c559eb8c4007f6169d81be8b338d511
                                                                          • Instruction Fuzzy Hash: 4291CDF29043049FD704CF99D841B9AFBF8FF90744F50895AE5149BBA0E7B5DA088B92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF0BE2D
                                                                          • IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6CF0BE6D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroyReadSafe
                                                                          • String ID:
                                                                          • API String ID: 616443815-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF06466
                                                                            • Part of subcall function 6CF59533: std::exception::_Copy_str.LIBCMT ref: 6CF5954E
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF0647D
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                          • String ID:
                                                                          • API String ID: 2299493649-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF1D3E8
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF1D3FF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                          • String ID:
                                                                          • API String ID: 4063778783-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF08449
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF0845E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                          • String ID:
                                                                          • API String ID: 4063778783-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,6CF08C13,?,6CF08CD3,?,6CF08C13,00000000,?,?,6CF08C13,?,?), ref: 6CF08D73
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,6CF08CD3,?,6CF08C13,00000000,?,?,6CF08C13,?,?), ref: 6CF08D8C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID:
                                                                          • API String ID: 3168844106-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PO^q$TJcq
                                                                          • API String ID: 0-3011750398
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PO^q$TJcq
                                                                          • API String ID: 0-3011750398
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TJcq$Te^q
                                                                          • API String ID: 0-918715239
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TJcq$Te^q
                                                                          • API String ID: 0-918715239
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,6CF06890,?), ref: 6CF08BDD
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6CF08C23
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID:
                                                                          • API String ID: 3168844106-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0529D53F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CreateProcess
                                                                          • String ID:
                                                                          • API String ID: 963392458-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0529D53F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CreateProcess
                                                                          • String ID:
                                                                          • API String ID: 963392458-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _malloc
                                                                          • String ID:
                                                                          • API String ID: 1579825452-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0529DA65
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0529DA65
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0529D91C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0529D91C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF22820: _malloc.LIBCMT ref: 6CF22871
                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF071D2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Xweak_mallocstd::tr1::_
                                                                          • String ID:
                                                                          • API String ID: 4085767713-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0529D7FB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0529D7FB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • LoadLibraryW.KERNELBASE(?), ref: 0529547A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 1029625771-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • LoadLibraryW.KERNELBASE(?), ref: 0529547A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 1029625771-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • ResumeThread.KERNELBASE(?), ref: 0529DB65
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • ResumeThread.KERNELBASE(?), ref: 0529DB65
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • SysAllocString.OLEAUT32 ref: 6CF1EA8D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: AllocString_malloc
                                                                          • String ID:
                                                                          • API String ID: 959018026-0
                                                                          • Opcode ID: 08c31c100af37b3bbc0595454f85d7a0beae91c0d562ace82c82a4d8245cee78
                                                                          • Instruction ID: 376f95e89aeeda02fdd27360868eb89262103c1a567c4929b4035653eb2b0add
                                                                          • Opcode Fuzzy Hash: 08c31c100af37b3bbc0595454f85d7a0beae91c0d562ace82c82a4d8245cee78
                                                                          • Instruction Fuzzy Hash: 6D01D2B1904754EBD721CF58C804B9AB7F8FB05B24F11431AEC51A7F80D7B59A008BD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __EH_prolog3_catch.LIBCMT ref: 6CF5E8DC
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog3_catch_malloc
                                                                          • String ID:
                                                                          • API String ID: 529455676-0
                                                                          • Opcode ID: a7d1243e4f790506b39a35ec93fa66ad54cef909f764d71aeff46981fe6685c6
                                                                          • Instruction ID: a4f661159e3f9625b9140c46129fe418f7ab69bc7d305dff8c1dc02c45a8b963
                                                                          • Opcode Fuzzy Hash: a7d1243e4f790506b39a35ec93fa66ad54cef909f764d71aeff46981fe6685c6
                                                                          • Instruction Fuzzy Hash: 0FD0A731914208E7CB41FB99C509BAD7BB0AB55326FD00065E2097AF80DF719F2C8796
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • ___security_init_cookie.LIBCMT ref: 6CF5A510
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ___security_init_cookie
                                                                          • String ID:
                                                                          • API String ID: 3657697845-0
                                                                          • Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                          • Instruction ID: 4f30c1fba3265295aeb099cc4043cc524daf1928eb5042ade4814314ba7ad145
                                                                          • Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                          • Instruction Fuzzy Hash: 4FC09B351443089F8B04CF50F440CDE3755BB64224750D155FD180AB509B319A75D560
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Hbq
                                                                          • API String ID: 0-1245868
                                                                          • Opcode ID: d246d25b9e1a89ccc5f018abfc69977bdd9027b34a898220d4a54791b416eca3
                                                                          • Instruction ID: 8d70baa93aacabe54bd0fb71d629d026c5824ea70ec94a3bad5bcd87275fab1b
                                                                          • Opcode Fuzzy Hash: d246d25b9e1a89ccc5f018abfc69977bdd9027b34a898220d4a54791b416eca3
                                                                          • Instruction Fuzzy Hash: 2D21A530A00108AFDB44AB78DC15BBE7FBAFBC4300F60C466E649EB284DE365D058B95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648079956.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10ad000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
                                                                          • Instruction ID: 29cb102a17cfa5714ed6d6dee48ed7ca1bb3f50b1f6d041f33ca8d2970c64689
                                                                          • Opcode Fuzzy Hash: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
                                                                          • Instruction Fuzzy Hash: B511C175904280CFDB12CF58D5C4B1ABFA1FB84324F24C2AAD84D4BA56C33AD44ACB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 99cb23966cdc202d1c4ca4124d2713aeb1b92d0029e8e9b72b7d2f8a91adcde2
                                                                          • Instruction ID: 8b00cbe57a1ef6f43a2872b386b668b5592232b37139e6236f1c40103ecf5936
                                                                          • Opcode Fuzzy Hash: 99cb23966cdc202d1c4ca4124d2713aeb1b92d0029e8e9b72b7d2f8a91adcde2
                                                                          • Instruction Fuzzy Hash: A8014C353101118F8B48EB6DE898C6EBBE9FFC961035141A9E10ADB371DE31EC018B94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2f32c17974f55195d8b5d41c235d8c7620ca8dc4feb722aa5a3ec7fa2fa5a1ad
                                                                          • Instruction ID: ec250c79315b4c4a42d8cba78376228b2c3b581a243f69f8ae1a8549490f6307
                                                                          • Opcode Fuzzy Hash: 2f32c17974f55195d8b5d41c235d8c7620ca8dc4feb722aa5a3ec7fa2fa5a1ad
                                                                          • Instruction Fuzzy Hash: 75116970A052498FCB45CFB8C8509EEBBF5AF8E300F18856AC045B7365DB759906CB61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 493d03912962015f75cd1dcd14487c16c8d2052f73769755e09c2305a94049bb
                                                                          • Instruction ID: 7c85e23e409fac042a3cdb146e6bbc09832f1c7d6c879920370d074c03d06a35
                                                                          • Opcode Fuzzy Hash: 493d03912962015f75cd1dcd14487c16c8d2052f73769755e09c2305a94049bb
                                                                          • Instruction Fuzzy Hash: 6E01B5313007118BC710AB69D454B5EB7A6FFC4360B20863DD9468B344DFB5DC058BE5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648036969.000000000109D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0109D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_109d000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 66ff4979eb80313301d77092d4f6b2d355dd799c4310005ecdd11da86c4b0b4b
                                                                          • Instruction ID: 9b64a2c3a93fa809abaf3331db4069c8f57603f20374de689920940ba20bab50
                                                                          • Opcode Fuzzy Hash: 66ff4979eb80313301d77092d4f6b2d355dd799c4310005ecdd11da86c4b0b4b
                                                                          • Instruction Fuzzy Hash: 6A012BB2189304AAEB108A69CD9476BBFDCEF40360F08C46AED890A186C378D880D771
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648036969.000000000109D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0109D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_109d000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8c73edac2d936267ed4d7ab016514f058dbab505c696f00f8a713b90a197e6ff
                                                                          • Instruction ID: 95474c109185fbb4bab799b32e608d03ff89859ba7f0f81eb0a0a74d7a8d8c41
                                                                          • Opcode Fuzzy Hash: 8c73edac2d936267ed4d7ab016514f058dbab505c696f00f8a713b90a197e6ff
                                                                          • Instruction Fuzzy Hash: B1F0F672044344AEEB108A1ACCC8B62FFE8EF40734F18C45AED480F286C3799840CB70
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 57dacfb5159ebe5b2dcaef7dd2e20f1745e70d601fac3838fbbfad4fc0f64c5a
                                                                          • Instruction ID: f25297b3145d580e7c5f2c85c29112ffa1462bc713819beaae1c484d9504902e
                                                                          • Opcode Fuzzy Hash: 57dacfb5159ebe5b2dcaef7dd2e20f1745e70d601fac3838fbbfad4fc0f64c5a
                                                                          • Instruction Fuzzy Hash: 7FE092300897848FC36653F8A4187A53FB85F42325FDC819AE48842463D7A60094C716
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b7beac8f05a9e5c497a81d161cab42f17e94d1bd15e9bb94356930c76d52fb47
                                                                          • Instruction ID: 9c4f7d1fb42d6533f9f5bc92e53c97d7feedd120b7102251f9fa0922de485d2a
                                                                          • Opcode Fuzzy Hash: b7beac8f05a9e5c497a81d161cab42f17e94d1bd15e9bb94356930c76d52fb47
                                                                          • Instruction Fuzzy Hash: 22F0EC3A010108EFCB4A9F80DA08C95BFAAFB0C320B0A80D5F6084B132C336D561EB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ceadefafba9d2becb5be4a96a35578e17a2510ba5fb97682ffe83b51504bcb72
                                                                          • Instruction ID: f9b647e11d90e5e17b6e430e0ae0b26a27129301c0543bc4538095a2c04cfb7f
                                                                          • Opcode Fuzzy Hash: ceadefafba9d2becb5be4a96a35578e17a2510ba5fb97682ffe83b51504bcb72
                                                                          • Instruction Fuzzy Hash: FEE026A244E3C18FE70247B4B8597E07F786E13214BAD00DED0D8CB167C2818056D313
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dc87bc7fc9b1df73311a437f273868561a9f32ea4ac1c6373cd5baf2d853f09d
                                                                          • Instruction ID: bb68cbe3f98c5fae3ba08bd02d3bce73edeca03a6656c722fc148206dcb03b23
                                                                          • Opcode Fuzzy Hash: dc87bc7fc9b1df73311a437f273868561a9f32ea4ac1c6373cd5baf2d853f09d
                                                                          • Instruction Fuzzy Hash: BDE0C27080D608DFC3019FA4E4085BCBBBCB707301F50509CA40823208CB310D04C746
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8a753b358397816702d888ac4eddb75aee08491a5a1558c7f2a4e6a26cc20c38
                                                                          • Instruction ID: 51aedb9094ebed3a393da101eca3c030746b9d936d3115213a8683ca97643c1c
                                                                          • Opcode Fuzzy Hash: 8a753b358397816702d888ac4eddb75aee08491a5a1558c7f2a4e6a26cc20c38
                                                                          • Instruction Fuzzy Hash: 48D0A7327381214F5D1C6269B86907E979FEFC6520314451BD007E7780DE260C0347D9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 37805d128f7e0b909d50612209aef4c2446238fe4ee3f04365a3bdd89b15b30d
                                                                          • Instruction ID: c2808f3b98d4636d4b276268c0cb06f762d528f372adbc8b6dcc69e34bd3a9f5
                                                                          • Opcode Fuzzy Hash: 37805d128f7e0b909d50612209aef4c2446238fe4ee3f04365a3bdd89b15b30d
                                                                          • Instruction Fuzzy Hash: DCE0B674E05208EFCB94EFA8E44569DBBF4EB48304F5081AAD818A3344D7755A54DF81
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2df9c82845fa1a2eafb28c32c6f364e0df8b3de455e8783d07ab338b710bb219
                                                                          • Instruction ID: 43c03df9bafdc42fa4391dc8ab48c4d73c50ac45ca362d450cbee4f60909f741
                                                                          • Opcode Fuzzy Hash: 2df9c82845fa1a2eafb28c32c6f364e0df8b3de455e8783d07ab338b710bb219
                                                                          • Instruction Fuzzy Hash: 93D05E36B300268B8F19A694E8580FDBB66EFC52207144412D51673744DF360D128BA6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 483b84f0bda14b0dd9119c3ead97174e48693c952b6f8588537335db0f48182f
                                                                          • Instruction ID: a8e2a47402aeb25a841009a51d16abe3ee26753686657d093a03e9eb0a7000fa
                                                                          • Opcode Fuzzy Hash: 483b84f0bda14b0dd9119c3ead97174e48693c952b6f8588537335db0f48182f
                                                                          • Instruction Fuzzy Hash: 55D01730B0120CAFCB40DBB9CA0065EBBE9EB85304F1045A9D809C7354E936AE008791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 34040b60741002a7d009cf2ab5ef15be0d600c751482bf91e9fcbd9eb6901da7
                                                                          • Instruction ID: d0c58532f3f96d6b01c40042c4c7ef4e13cb95eac06b4102775647b5616c8296
                                                                          • Opcode Fuzzy Hash: 34040b60741002a7d009cf2ab5ef15be0d600c751482bf91e9fcbd9eb6901da7
                                                                          • Instruction Fuzzy Hash: A9D012352003089FDF245B71D80C7577EADAB40251F44903AF40AC2254DB37C551CB52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b986268c0566a267acd4c5a4cb41bd4a58bb7660a602c81d64f0b5c719e839a8
                                                                          • Instruction ID: 340babb85a65f2f44ff3bc8df6c7a050aebcb29443a1beaaabaf2c62adc5610b
                                                                          • Opcode Fuzzy Hash: b986268c0566a267acd4c5a4cb41bd4a58bb7660a602c81d64f0b5c719e839a8
                                                                          • Instruction Fuzzy Hash: AED0C9B0114E9589E73267B4B4183B07FBA770131DFD84269E4C48158AC7AF57A4C7A6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5015a71e140f638d79eaeb5fe7fbb1c09aee3ee3f76b08b668f20fd535ffff3b
                                                                          • Instruction ID: 3fe8829fc88622aa79b3c3d147818016b6b798bffe76c86ae8bc19b073368ba0
                                                                          • Opcode Fuzzy Hash: 5015a71e140f638d79eaeb5fe7fbb1c09aee3ee3f76b08b668f20fd535ffff3b
                                                                          • Instruction Fuzzy Hash: 20C02B300C0B05C6C23433EC700C764327C5740305FC88014B68C00040DFA70090C7B7
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF12DFF
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF12E08
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF12E7E
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF12EB5
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF12EC1
                                                                            • Part of subcall function 6CF1C850: VariantInit.OLEAUT32(?), ref: 6CF1C88F
                                                                            • Part of subcall function 6CF1C850: VariantInit.OLEAUT32(?), ref: 6CF1C895
                                                                            • Part of subcall function 6CF1C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF1C8A0
                                                                            • Part of subcall function 6CF1C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF1C8D5
                                                                            • Part of subcall function 6CF1C850: VariantClear.OLEAUT32(?), ref: 6CF1C8E1
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF130D5
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF13550
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF13563
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF13569
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                          • String ID:
                                                                          • API String ID: 2012514194-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6CF80634,6CF80738,?), ref: 6CF0A119
                                                                          • GetModuleHandleW.KERNEL32(mscorwks), ref: 6CF0A145
                                                                          • __cftoe.LIBCMT ref: 6CF0A1FB
                                                                          • GetModuleHandleW.KERNEL32(?), ref: 6CF0A215
                                                                          • GetProcAddress.KERNEL32(00000000,00000018), ref: 6CF0A265
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule$AddressBindProcRuntime__cftoe
                                                                          • String ID: mscorwks$v2.0.50727$wks
                                                                          • API String ID: 1312202379-2066655427
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,8193A27A,6CF78180,00000000,?), ref: 6CF4DBFB
                                                                          • GetLastError.KERNEL32 ref: 6CF4DC01
                                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6CF4DC15
                                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6CF4DC26
                                                                          • SetLastError.KERNEL32(00000000), ref: 6CF4DC2D
                                                                            • Part of subcall function 6CF4D9D0: GetLastError.KERNEL32(00000010,8193A27A,75A8FC30,?,00000000), ref: 6CF4DA1A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF4DC78
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                                                                          • String ID: CryptAcquireContext$Crypto++ RNG
                                                                          • API String ID: 3279666080-1159690233
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • IsDebuggerPresent.KERNEL32 ref: 6CF5CE6C
                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CF5CE81
                                                                          • UnhandledExceptionFilter.KERNEL32(6CF79428), ref: 6CF5CE8C
                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 6CF5CEA8
                                                                          • TerminateProcess.KERNEL32(00000000), ref: 6CF5CEAF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                          • String ID:
                                                                          • API String ID: 2579439406-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF524A1
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          • std::exception::exception.LIBCMT ref: 6CF5248C
                                                                            • Part of subcall function 6CF59533: std::exception::_Copy_str.LIBCMT ref: 6CF5954E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                          • String ID:
                                                                          • API String ID: 757275642-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memmove
                                                                          • String ID:
                                                                          • API String ID: 4104443479-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HERE$LOOK$Gvq$Gvq
                                                                          • API String ID: 0-802966049
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CryptGenRandom.ADVAPI32(?,?,?,8193A27A,00000000), ref: 6CF4DE6F
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF4DEB9
                                                                            • Part of subcall function 6CF4DD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CF6F0E6,000000FF,6CF4DF67,00000000,?), ref: 6CF4DDB4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Crypt$ContextException@8RandomReleaseThrow
                                                                          • String ID: CryptGenRandom
                                                                          • API String ID: 1047471967-3616286655
                                                                          • Opcode ID: 4fc3bced59338dcd002b81ee409fed637fd8a513ebd4bb91096e429e25c12997
                                                                          • Instruction ID: c31282e4024c863d0f0fa5e35cb80a5476dff77fbba9016934f6490b5b508594
                                                                          • Opcode Fuzzy Hash: 4fc3bced59338dcd002b81ee409fed637fd8a513ebd4bb91096e429e25c12997
                                                                          • Instruction Fuzzy Hash: E2215C716183409FC714DF24C444B9ABBF9FB89718F008A1EF49597B80EB75E508CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memmove
                                                                          • String ID:
                                                                          • API String ID: 4104443479-0
                                                                          • Opcode ID: 9356b19109c3110c6ac42ce0c4a56daa24d2c527a569e993b8d40c57aaa57fc9
                                                                          • Instruction ID: 7d7497afcaa44f64c4efb516009665e416718951f059705c72448cc00b6e816d
                                                                          • Opcode Fuzzy Hash: 9356b19109c3110c6ac42ce0c4a56daa24d2c527a569e993b8d40c57aaa57fc9
                                                                          • Instruction Fuzzy Hash: DA520370A146658FCB94CF29C490536BBF2EFCA311754855EE8CA9B38AD334F552CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • GetLastError.KERNEL32(00000010,8193A27A,75A8FC30,?,00000000), ref: 6CF4DA1A
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastXinvalid_argumentstd::_
                                                                          • String ID: operation failed with error $OS_Rng:
                                                                          • API String ID: 406877150-700108173
                                                                          • Opcode ID: 372c9e2532fcfa47f28366e6c1846dad921d0aebe7d3f2a6a97419a6602972b5
                                                                          • Instruction ID: b19b5f6c5b3e48ecac82edc5d52d9abb70e366466b9c960fcc2190717ee441d3
                                                                          • Opcode Fuzzy Hash: 372c9e2532fcfa47f28366e6c1846dad921d0aebe7d3f2a6a97419a6602972b5
                                                                          • Instruction Fuzzy Hash: E5419FB1908380AFD320CF65D841B9BBBE8BF99704F108D2EE18987741DB759509CB63
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::exception::exception.LIBCMT ref: 6CF51E1D
                                                                            • Part of subcall function 6CF59533: std::exception::_Copy_str.LIBCMT ref: 6CF5954E
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF51E32
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                          • String ID:
                                                                          • API String ID: 757275642-0
                                                                          • Opcode ID: 65d48380213c911d097404421cb554218e0e9062381c2405d6e23f41a639e463
                                                                          • Instruction ID: 473a951c0ce7f5c49c91730acd81de6612d4aa1344d632260e860e9f10a76c2a
                                                                          • Opcode Fuzzy Hash: 65d48380213c911d097404421cb554218e0e9062381c2405d6e23f41a639e463
                                                                          • Instruction Fuzzy Hash: 8F32B275A016059FDB08CF98C894AAFB3B6BF98704F54821CE6169BB54EB31FD14CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4|cq$4|cq
                                                                          • API String ID: 0-1798997883
                                                                          • Opcode ID: d44620c4bee94fee068012c5a3588ff35f4e739ec4a6f78d6fc1910bb9348acc
                                                                          • Instruction ID: c73dcf23766568e7ea78c3b2331b61f726ae551fe4512ee39dc5bcb8c9cbd66c
                                                                          • Opcode Fuzzy Hash: d44620c4bee94fee068012c5a3588ff35f4e739ec4a6f78d6fc1910bb9348acc
                                                                          • Instruction Fuzzy Hash: E212AE34E14209DFDF18DFA9C494AAEBBB2BF85300F258469D44AAB361CB35DC41CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 54e47e3226d35349a6f05aff7ccf87437486fe7195e15b61cc97a11f78ebdacb
                                                                          • Instruction ID: 51515924eb23a289804256e18933b1197af9ec409e9fcd851cdcb2ec92ce19cc
                                                                          • Opcode Fuzzy Hash: 54e47e3226d35349a6f05aff7ccf87437486fe7195e15b61cc97a11f78ebdacb
                                                                          • Instruction Fuzzy Hash: 6E322622E39F514DDB639639D832326726CAFB73C8F65D727E816B5D96EB29C0834100
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4760: __CxxThrowException@8.LIBCMT ref: 6CEF47F9
                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6CF4DF7B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ContextCryptException@8ReleaseThrow
                                                                          • String ID:
                                                                          • API String ID: 3140249258-0
                                                                          • Opcode ID: 5ca89d941be572140e8ea2214b020e190621d0cdbb9542f6c8974f637ce33024
                                                                          • Instruction ID: 7a15a6f526d11ebee3d4c962b1db1ded06ee06268b93b7f2c7fffde5c3702076
                                                                          • Opcode Fuzzy Hash: 5ca89d941be572140e8ea2214b020e190621d0cdbb9542f6c8974f637ce33024
                                                                          • Instruction Fuzzy Hash: 7C21B0B6508340ABC740DF15D940B4BBBE8EB99768F440A1DF88583781D775E508CBA3
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CF6F0E6,000000FF,6CF4DF67,00000000,?), ref: 6CF4DDB4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ContextCryptRelease
                                                                          • String ID:
                                                                          • API String ID: 829835001-0
                                                                          • Opcode ID: 75d5a26d76020903b9dbdcca460665e1a85e9a0b0e7fcfbbbacfffc0e0d53a4b
                                                                          • Instruction ID: a1c9c532b05abf5f249f847d3c6626d5b037a2565468df3b8d85f473d5e9ed8f
                                                                          • Opcode Fuzzy Hash: 75d5a26d76020903b9dbdcca460665e1a85e9a0b0e7fcfbbbacfffc0e0d53a4b
                                                                          • Instruction Fuzzy Hash: 5A1106B1F147505BEB64CF18C8807523BF8E749744F14492DE915C3B81EB75D90587A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CF735F5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ContextCryptRelease
                                                                          • String ID:
                                                                          • API String ID: 829835001-0
                                                                          • Opcode ID: e9a1a8ec6aed62d46f44cd6b563324c3a30bd0ea5e139723f2a8fb88a68d6695
                                                                          • Instruction ID: 5568cec1212400ab5d56d1db3a122466025445b18ecb67c466983117b58a85d8
                                                                          • Opcode Fuzzy Hash: e9a1a8ec6aed62d46f44cd6b563324c3a30bd0ea5e139723f2a8fb88a68d6695
                                                                          • Instruction Fuzzy Hash: A3D05EB1A1212267FE718B64AC05B4636E85B06254F180415E504C7280DF60D6058B74
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CF4D803
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ContextCryptRelease
                                                                          • String ID:
                                                                          • API String ID: 829835001-0
                                                                          • Opcode ID: e97c8e53831f66c7bfe4b84a9749eb1bbf797f128b6fd0028b41331fc0054123
                                                                          • Instruction ID: e4f5c159a01a53dc0c09fab51e66f5b012b0008f9f623c110a00639604634a18
                                                                          • Opcode Fuzzy Hash: e97c8e53831f66c7bfe4b84a9749eb1bbf797f128b6fd0028b41331fc0054123
                                                                          • Instruction Fuzzy Hash: 5FD02EB1B0122022E3219B14EC05B877BCC0F02A08F26842EF649D2680C6B0C540C7E4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CF4D7E0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ContextCryptRelease
                                                                          • String ID:
                                                                          • API String ID: 829835001-0
                                                                          • Opcode ID: badc702f255e0cfc432e28fd6ce5d4b049863fc76d3270447b1f0b4440cd7ffb
                                                                          • Instruction ID: 2b6cb3d75ae88ba239468c213fb6bfad3aa50d2a33f2312743c02e0fedce2955
                                                                          • Opcode Fuzzy Hash: badc702f255e0cfc432e28fd6ce5d4b049863fc76d3270447b1f0b4440cd7ffb
                                                                          • Instruction Fuzzy Hash: 8FB012B0F6220017FE281712CE5C7193C100B41215E1004083505508454369D0004518
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: f007bf68fa5c0e15fb30524bf54350d82ba9fdbf0fb840541e12dcdc51f0ea02
                                                                          • Instruction ID: 80eb69dee6ef91c89a16b40c8e4e977fdbdb4a7ff6747d67398f07a8c4893ad9
                                                                          • Opcode Fuzzy Hash: f007bf68fa5c0e15fb30524bf54350d82ba9fdbf0fb840541e12dcdc51f0ea02
                                                                          • Instruction Fuzzy Hash: 38917C72819B868BE705CF2CC8829AAB7E0FFD9354F149B1DFDD4A2601EB349944C781
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o^q
                                                                          • API String ID: 0-74704288
                                                                          • Opcode ID: 5bb9c93b0dec70ea5818935988aa4665a670721830748e310f15ef3925264b82
                                                                          • Instruction ID: 63c98703a23419e84cc0e1a2caa29163ad8b5903958647295851002bddc1bbbd
                                                                          • Opcode Fuzzy Hash: 5bb9c93b0dec70ea5818935988aa4665a670721830748e310f15ef3925264b82
                                                                          • Instruction Fuzzy Hash: AC61A171A00616CFCB14CFA8C8886AEBFB6BF88354F25456ED509E7364D731E841CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: N@
                                                                          • API String ID: 0-1509896676
                                                                          • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                          • Instruction ID: 06f297c80a5b33bc92dfd030ffa79dd221a681bbd86d67337dfa1fb374a3c07a
                                                                          • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                          • Instruction Fuzzy Hash: 1F617B729013158FDB08CF4AC48469EBBF2FF84314F2AC1AED8595BB62C7B19944CB80
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4'^q
                                                                          • API String ID: 0-1614139903
                                                                          • Opcode ID: 48d5b1e35e7fe9be6957a94b13b49abaa4d3644d0a5c24c7b19c7878d2663e7b
                                                                          • Instruction ID: 0197e81e7b102acf71ff5701dc99251bcf8f1a3dcf344147aa4473a5a67d3199
                                                                          • Opcode Fuzzy Hash: 48d5b1e35e7fe9be6957a94b13b49abaa4d3644d0a5c24c7b19c7878d2663e7b
                                                                          • Instruction Fuzzy Hash: BD712C74A006098FDB48EF7AE99069EBBF3FB84304F04C529D0889B269DB755949CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4'^q
                                                                          • API String ID: 0-1614139903
                                                                          • Opcode ID: 3d1fb2d5a2d6beb1692eb2a4c66e2b904b153435c283548d3b744ef88dcd68f8
                                                                          • Instruction ID: d399aef313b15652fa7a3f718a8497f8cd95bf20c80c3c0eeeb5b842e78b639b
                                                                          • Opcode Fuzzy Hash: 3d1fb2d5a2d6beb1692eb2a4c66e2b904b153435c283548d3b744ef88dcd68f8
                                                                          • Instruction Fuzzy Hash: A1611B74A006098FDB18EF7AE99069EBBF3FB84304F14C529D0889B268DB755949CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: 555213f42418de6187231187b57932f8f9a37a8ab66e9a46d82031df5fe5279a
                                                                          • Instruction ID: 694dd06001f23f9a8303b63d26c8ff7192f786eae092784253e4b7864db5b5ac
                                                                          • Opcode Fuzzy Hash: 555213f42418de6187231187b57932f8f9a37a8ab66e9a46d82031df5fe5279a
                                                                          • Instruction Fuzzy Hash: CC516D72819B868BE715CF2DC8825AAF7A0BFD9248F20DB1DFDD462A01EB758544C781
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: 0095c663f4b673f487208d12d81202bc67af58be46fc777c5511349b16393214
                                                                          • Instruction ID: cfc7b7ba31c14dc2beb221d9569f33ea70484f88466290e12e79c1db16090a1d
                                                                          • Opcode Fuzzy Hash: 0095c663f4b673f487208d12d81202bc67af58be46fc777c5511349b16393214
                                                                          • Instruction Fuzzy Hash: 3B516E72819B868BE705CF2DC8825AAF7A0BFD9348F20DB1DFDD462A01EB758544C781
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1648384656.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_29c0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: *
                                                                          • API String ID: 0-163128923
                                                                          • Opcode ID: 6ef71b1ddb916efb32f59a536672e043aaea57c0273886a66babb97207c4b68c
                                                                          • Instruction ID: 8e9c255c5a0c81830402277a00b8b0edff55a3bb2ac158f15183ce8d69692156
                                                                          • Opcode Fuzzy Hash: 6ef71b1ddb916efb32f59a536672e043aaea57c0273886a66babb97207c4b68c
                                                                          • Instruction Fuzzy Hash: A6414EB1D05A588BEB28CF6BCD0479AFAF7AFC8301F14C5BA840CA6254DB700A818F11
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: lcq
                                                                          • API String ID: 0-2234873037
                                                                          • Opcode ID: 8ef0b53b4bdb18231d74940242bb7e0553bca9bdcc59f6db32baa2f74c3792a5
                                                                          • Instruction ID: d1b8ca8c1fae36c61e37e3e93d6f5e12a33d1c208c536d92ab848127b4e6fa6f
                                                                          • Opcode Fuzzy Hash: 8ef0b53b4bdb18231d74940242bb7e0553bca9bdcc59f6db32baa2f74c3792a5
                                                                          • Instruction Fuzzy Hash: EC31D275D41208AFDB04CFA8D480AEEBBB5FF49310F10906AE911B7260DB719A458FA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: lcq
                                                                          • API String ID: 0-2234873037
                                                                          • Opcode ID: 723979e816517a7171c49c52c09b42cb7d782fbb099444293b78212ecfdc620a
                                                                          • Instruction ID: 0eb006e9270e6237722b22fa4e47ebb4322f4a4e1c27b00b3cce0f95d624c318
                                                                          • Opcode Fuzzy Hash: 723979e816517a7171c49c52c09b42cb7d782fbb099444293b78212ecfdc620a
                                                                          • Instruction Fuzzy Hash: 7931E475D41208AFDB04CFA8D480AEEBBF5FF49310F10906AE911B7260DB719A45CF95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
                                                                          • Instruction ID: aa74d366f6ce4f68929a12cab1b95c4886cb057314d35bff452369b36ed46ff4
                                                                          • Opcode Fuzzy Hash: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
                                                                          • Instruction Fuzzy Hash: 755299716483058FC758CF5EC98054AF7F2BBC8718F18CA7DA599C6B21E374E9468B82
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
                                                                          • Instruction ID: f58f59fd753db1d5a06673b96f9205d3f47784dbc8776f863be213912ecc1d89
                                                                          • Opcode Fuzzy Hash: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
                                                                          • Instruction Fuzzy Hash: AA223E71A083058FC344CF69C88064AF7E2FFC8318F59892DE598D7715E775EA4A8B92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
                                                                          • Instruction ID: 9ded071ad59cd704732e825f270e8da77efaef640fe718d0d309e11cafb84771
                                                                          • Opcode Fuzzy Hash: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
                                                                          • Instruction Fuzzy Hash: A80296717443018FC758CF6ECC8154AB7E2ABC8314F19CA7DA499C7B21E778E94A8B52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6c8d46286d68e8342f5b7505da3f1350042fd0dede01606dadaa6ef544f12784
                                                                          • Instruction ID: 4f47d135aaff3ab67b81dc04a1ee22523e7d51f7a87e26c6c90cdd163bfab0d5
                                                                          • Opcode Fuzzy Hash: 6c8d46286d68e8342f5b7505da3f1350042fd0dede01606dadaa6ef544f12784
                                                                          • Instruction Fuzzy Hash: 1F029F3280A2B49FDB92EF5ED8405AB73F5FF90355F438A2ADC8163241D335EA099794
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
                                                                          • Instruction ID: 5f0367c05d9e803403292a80ae2ee566663ed1d763c363ca41ed2b3cb0e999bd
                                                                          • Opcode Fuzzy Hash: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
                                                                          • Instruction Fuzzy Hash: 2ED1A4716443018FC348CF1EC98164AF7E2BFD8718F19CA6DA599C7B21D379E9468B42
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
                                                                          • Instruction ID: 937346eda1bd0f04538fd595acfced514df8b9d5749ad0c0a76a9a5174dee886
                                                                          • Opcode Fuzzy Hash: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
                                                                          • Instruction Fuzzy Hash: 76A1423241A2B49FDB92EF6ED8400AB73A5EF94355F43892FDCC167281C235EA089795
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 326bc5982354ac438e1a9f739f44fe0e5fdd5d63dcd15d05e6311c1e57b5f58c
                                                                          • Instruction ID: 77c67e4e61c8f026e6fc0232a3d214a61c66183bd9c4334c8bf01a2cff0a98da
                                                                          • Opcode Fuzzy Hash: 326bc5982354ac438e1a9f739f44fe0e5fdd5d63dcd15d05e6311c1e57b5f58c
                                                                          • Instruction Fuzzy Hash: 8171A371A083058FC344CF1AC94164AF7E2FFC8718F19C96DA898C7B21E775E9468B82
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7cdc20a2fddfc9a188b602cbb1ee077ba7ac09752fea693f80eeb2021d0fc81c
                                                                          • Instruction ID: c816e45da3559c3907b7fb3d5880d540d82664f1bd06f7db55950fe47940c881
                                                                          • Opcode Fuzzy Hash: 7cdc20a2fddfc9a188b602cbb1ee077ba7ac09752fea693f80eeb2021d0fc81c
                                                                          • Instruction Fuzzy Hash: 1F51F776A083058FC344CF69C88064AF7E2FBC8318F59C93DE999C7715E675E94A8B81
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6ba715fd754b714e9d068fda8deb8e9fc5fdebe33215753f3ecb5741719fa00b
                                                                          • Instruction ID: 69990af1b33206951b8dcabbca6b0527f4b1e7b774d6cca876f21f347aff3c55
                                                                          • Opcode Fuzzy Hash: 6ba715fd754b714e9d068fda8deb8e9fc5fdebe33215753f3ecb5741719fa00b
                                                                          • Instruction Fuzzy Hash: 9441D972B042168FCB48CE2ECC4165AF7E6FBC8210B4DC639A859C7B15E734E9498B91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1660446228.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5290000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 77cbf55e1416c015e065b069693c023809fb04d4134bc658624ba47d00754432
                                                                          • Instruction ID: d0024facdbe0dbef0378aa104317532e749d29d854c689cf4854e4cc6c07565b
                                                                          • Opcode Fuzzy Hash: 77cbf55e1416c015e065b069693c023809fb04d4134bc658624ba47d00754432
                                                                          • Instruction Fuzzy Hash: 27113CB2A48609EFCB14CF59D841B99FBF4FB44724F20862AE91993B80D735A910CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • operator+.LIBCMT ref: 6CF66FCC
                                                                            • Part of subcall function 6CF64147: DName::DName.LIBCMT ref: 6CF6415A
                                                                            • Part of subcall function 6CF64147: DName::operator+.LIBCMT ref: 6CF64161
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: NameName::Name::operator+operator+
                                                                          • String ID:
                                                                          • API String ID: 2937105810-0
                                                                          • Opcode ID: e5159888bfb510ee327ee363b6c89aaca7c3242f752338923cca337ca181e837
                                                                          • Instruction ID: e91fadca90a19dbbd9c20af061c81bf95907c29090950ff40d8060f5e7485751
                                                                          • Opcode Fuzzy Hash: e5159888bfb510ee327ee363b6c89aaca7c3242f752338923cca337ca181e837
                                                                          • Instruction Fuzzy Hash: 33D12E75D10209AFDF00DFA9C891AEEBBF4EF09314F10415AE515E7B90EB359A49CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5ECA5
                                                                          • __mtterm.LIBCMT ref: 6CF5ECB1
                                                                            • Part of subcall function 6CF5E97C: DecodePointer.KERNEL32(00000012,6CF5A397,6CF5A37D,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5E98D
                                                                            • Part of subcall function 6CF5E97C: TlsFree.KERNEL32(0000000C,6CF5A397,6CF5A37D,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5E9A7
                                                                            • Part of subcall function 6CF5E97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6CF5A397,6CF5A37D,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF62325
                                                                            • Part of subcall function 6CF5E97C: DeleteCriticalSection.KERNEL32(0000000C,?,?,6CF5A397,6CF5A37D,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF6234F
                                                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6CF5ECC7
                                                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6CF5ECD4
                                                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6CF5ECE1
                                                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6CF5ECEE
                                                                          • TlsAlloc.KERNEL32(?,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5ED3E
                                                                          • TlsSetValue.KERNEL32(00000000,?,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5ED59
                                                                          • __init_pointers.LIBCMT ref: 6CF5ED63
                                                                          • EncodePointer.KERNEL32(?,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5ED74
                                                                          • EncodePointer.KERNEL32(?,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5ED81
                                                                          • EncodePointer.KERNEL32(?,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5ED8E
                                                                          • EncodePointer.KERNEL32(?,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5ED9B
                                                                          • DecodePointer.KERNEL32(Function_0006EB00,?,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5EDBC
                                                                          • __calloc_crt.LIBCMT ref: 6CF5EDD1
                                                                          • DecodePointer.KERNEL32(00000000,?,?,6CF5A2D4,6CF895C0,00000008,6CF5A468,?,?,?,6CF895E0,0000000C,6CF5A523,?), ref: 6CF5EDEB
                                                                          • GetCurrentThreadId.KERNEL32 ref: 6CF5EDFD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                          • API String ID: 1868149495-3819984048
                                                                          • Opcode ID: 823e8fda0c0cceb9504c92078519997e59a94ebeb205fad9aefbddf963601799
                                                                          • Instruction ID: 0709bb7120bcf23409b8efe60f1840b79eda20d832299eec062cc9ac24005093
                                                                          • Opcode Fuzzy Hash: 823e8fda0c0cceb9504c92078519997e59a94ebeb205fad9aefbddf963601799
                                                                          • Instruction Fuzzy Hash: AE31C031F203549BEF91BF75AD09B563FB4BB17764761052AE52482690DB398411CFE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memmove$Xinvalid_argumentstd::_
                                                                          • String ID: invalid string position$string too long
                                                                          • API String ID: 1771113911-4289949731
                                                                          • Opcode ID: b2073f4953183d8972e095161845cd8657ce7a9b991cc8726ea4ec79552ebe2a
                                                                          • Instruction ID: 7b4851a561f4d64daaa81836ebb623eddc2adbc65d11f5549bcbd4972225549e
                                                                          • Opcode Fuzzy Hash: b2073f4953183d8972e095161845cd8657ce7a9b991cc8726ea4ec79552ebe2a
                                                                          • Instruction Fuzzy Hash: F2B17E713001449BDB28CF1CDDA0A9F73AAEB85B08754891DF892CBB81C770ED55EBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6CF67FFF
                                                                          • DName::operator=.LIBCMT ref: 6CF68013
                                                                          • DName::operator+=.LIBCMT ref: 6CF68021
                                                                          • UnDecorator::getPtrRefType.LIBCMT ref: 6CF6804D
                                                                          • UnDecorator::getDataIndirectType.LIBCMT ref: 6CF680CA
                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6CF680D3
                                                                          • operator+.LIBCMT ref: 6CF68166
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
                                                                          • String ID: std::nullptr_t$volatile
                                                                          • API String ID: 2203807771-3726895890
                                                                          • Opcode ID: 74f7356643ba6e9a7b1060fa7225bb78edbb0a3ec993d5a81aeacaeca6680d4f
                                                                          • Instruction ID: 91c1fca5decb88b47c64ed5d5c31dba09a7ea79a39e919526f65e7141388ac64
                                                                          • Opcode Fuzzy Hash: 74f7356643ba6e9a7b1060fa7225bb78edbb0a3ec993d5a81aeacaeca6680d4f
                                                                          • Instruction Fuzzy Hash: D541B1B2914108BFCF209F56CC80AEE7B74FB07349F21856FE9545BE51D7319A858B50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF15177
                                                                            • Part of subcall function 6CF22820: _malloc.LIBCMT ref: 6CF22871
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6CF151B9
                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CF151D5
                                                                          • SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6CF151E5
                                                                          • _memmove.LIBCMT ref: 6CF151FF
                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF15208
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF1522C
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF15263
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1526C
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CF152AD
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF152B6
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6CF152D2
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF1534E
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF15358
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
                                                                          • String ID:
                                                                          • API String ID: 452649785-0
                                                                          • Opcode ID: fa6933f93615d477d86d67d4ec1d7f5e5c42c5b3bd69e63fd0092f71d95b16fe
                                                                          • Instruction ID: c4cb4fffada2ffa7ba64a27646b73140afc5857ba0f7cf8f7b65eaf83143a479
                                                                          • Opcode Fuzzy Hash: fa6933f93615d477d86d67d4ec1d7f5e5c42c5b3bd69e63fd0092f71d95b16fe
                                                                          • Instruction Fuzzy Hash: E17128B2A1021AEBDB01DFA5C884BAFBBB9FF59304F108119E905D7640D774E905CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF0FA0F
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF0FA22
                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6CF0FA5A
                                                                            • Part of subcall function 6CF13A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF13B71
                                                                            • Part of subcall function 6CF13A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF13B83
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF16A08
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF16A15
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF16A41
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                            • Part of subcall function 6CF0DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF0DFF6
                                                                            • Part of subcall function 6CF0DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF0E003
                                                                            • Part of subcall function 6CF0DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF0E02F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                          • String ID: RS7m$RS{m
                                                                          • API String ID: 959723449-144615663
                                                                          • Opcode ID: 954092079c9217bb34438006f97c057e30f908974c2a98b111f330ee313ef104
                                                                          • Instruction ID: 5cf249fcd40ae21386febf3269cd19ca2b34f20b53798efe984b0970c4f19514
                                                                          • Opcode Fuzzy Hash: 954092079c9217bb34438006f97c057e30f908974c2a98b111f330ee313ef104
                                                                          • Instruction Fuzzy Hash: C0C15070A052049FDB04DFA8CC94FADB7B9AF85708F204598E945EB786DB71ED44CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Init$Clear$Copy
                                                                          • String ID:
                                                                          • API String ID: 3833040332-0
                                                                          • Opcode ID: cb5b72ff9584c705a93a5a4de9a49c81f1cf05561a135f26fd1dd7e9e9105b38
                                                                          • Instruction ID: 3397b2ce5f441ac871d854d44ac331355fe3a2aad56a30d2324d08126f11f983
                                                                          • Opcode Fuzzy Hash: cb5b72ff9584c705a93a5a4de9a49c81f1cf05561a135f26fd1dd7e9e9105b38
                                                                          • Instruction Fuzzy Hash: 14818CB1A05219AFDB04DFA8C880FEEBBB9BF49304F14415DE505A7B40DB31E909CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1D8EC
                                                                          • VariantInit.OLEAUT32 ref: 6CF1D902
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1D90D
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF1D929
                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CF1D966
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1D973
                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CF1D9B4
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1D9C1
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1DA6F
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1DA80
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1DA87
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1DA99
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                          • String ID:
                                                                          • API String ID: 1625659656-0
                                                                          • Opcode ID: 16b9056a0cc6fc31b527a020759d27f992153637452622adb628fbcf116a3f6d
                                                                          • Instruction ID: d75168854a8921778567e73ee47f0af68f76ff51bbd9ee3cf54e79a0c6cfd273
                                                                          • Opcode Fuzzy Hash: 16b9056a0cc6fc31b527a020759d27f992153637452622adb628fbcf116a3f6d
                                                                          • Instruction Fuzzy Hash: 048145726083019FC705CF68C884B5ABBF8FF89714F148A5DE9948B750E774E905CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                          • String ID: invalid string position$string too long
                                                                          • API String ID: 2168136238-4289949731
                                                                          • Opcode ID: 73ca85a4187fee1680a13188eeb5de672599bf88565bfd0748b7332923783250
                                                                          • Instruction ID: 083de5c22c88f5d8a2476ed98031a7dcd7b1c1e2bc91dd7a48a1017312992064
                                                                          • Opcode Fuzzy Hash: 73ca85a4187fee1680a13188eeb5de672599bf88565bfd0748b7332923783250
                                                                          • Instruction Fuzzy Hash: 724196313002049BD724CF5CECA0A9EB3A6EB85B587748A2EE591C7F40D771EC55D7A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF14BDC
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF14BE5
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF14BEB
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF14BF6
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF14C2A
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14C37
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF15107
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF15117
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1511D
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF15123
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                          • String ID:
                                                                          • API String ID: 2515392200-0
                                                                          • Opcode ID: 05e5f79dec48d55dae2ca7329abecdf62f0e715ec02fd18d41c613061814afd5
                                                                          • Instruction ID: 091d0d2b3fd1e439b077c543efb44dc536b605d0caf813066cded602ec7f96a0
                                                                          • Opcode Fuzzy Hash: 05e5f79dec48d55dae2ca7329abecdf62f0e715ec02fd18d41c613061814afd5
                                                                          • Instruction Fuzzy Hash: B312F575A15705AFC758DB99DD84DAAB3B9BF8C300F14466CF50AABB91CA30F841CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(6CF705A8), ref: 6CF149EE
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF149F7
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF149FD
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF14A08
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF14A39
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14A45
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF14B66
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14B76
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14B7C
                                                                          • VariantClear.OLEAUT32(6CF705A8), ref: 6CF14B82
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                          • String ID:
                                                                          • API String ID: 2515392200-0
                                                                          • Opcode ID: f2873787587e2bcd00bf23f7ebe512deca6facabf7f65a1d49b1643a0b6e4c26
                                                                          • Instruction ID: 34c230359c9dd46e54c79337f38eed9c1bd068ce64a97de803a335410c8adcf1
                                                                          • Opcode Fuzzy Hash: f2873787587e2bcd00bf23f7ebe512deca6facabf7f65a1d49b1643a0b6e4c26
                                                                          • Instruction Fuzzy Hash: 2F517E72A04219AFCB05DFA4CC80EAEBBB8FF89314F144169E915EB745D774A901CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1480C
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF14815
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1481B
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF14826
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6CF1485B
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14868
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF14974
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14984
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1498A
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14990
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                          • String ID:
                                                                          • API String ID: 2515392200-0
                                                                          • Opcode ID: 190474b2fb586945191698725ad3fdb802e6fc24f2d8a9ce221252f203385e2d
                                                                          • Instruction ID: d91dd9f550a64de4fe7ca7180f1f7c731f5a54446a05f0806ea9490ca1d50dee
                                                                          • Opcode Fuzzy Hash: 190474b2fb586945191698725ad3fdb802e6fc24f2d8a9ce221252f203385e2d
                                                                          • Instruction Fuzzy Hash: A7515D72A042599FDB05DFA4CC80EAEBBB9FF89314F14456DE505EBA40D770A905CFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF0DD00
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6CF0DD10
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6CF12FFF,?), ref: 6CF0DD47
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0DD4F
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6CF12FFF,?), ref: 6CF0DD6D
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CF0DDA4
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0DDAC
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0DE16
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0DE27
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0DE31
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
                                                                          • String ID:
                                                                          • API String ID: 3525949229-0
                                                                          • Opcode ID: 716ed58ed11041a99082599d476409af1bee02f3a004f79f58fdad674005c69c
                                                                          • Instruction ID: 775e0fc45969f1b364b14aa0b17422a8b465361e4a2bf7944e3dbd5be6d1b300
                                                                          • Opcode Fuzzy Hash: 716ed58ed11041a99082599d476409af1bee02f3a004f79f58fdad674005c69c
                                                                          • Instruction Fuzzy Hash: B6516B75A01209AFDB01DFA5D894FEEBBB8FF99700F118129EA15A7350DB709901DBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF2C213
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                          • String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
                                                                          • API String ID: 1823113695-1254974138
                                                                          • Opcode ID: 24d44acdb0e1df11d6bfbf813461ba57d54bcc024c7a0099717c5a030b89e666
                                                                          • Instruction ID: d536e07d400cd2794e3248626e597bc43cea85ebd52693c27ae2516c65063cb5
                                                                          • Opcode Fuzzy Hash: 24d44acdb0e1df11d6bfbf813461ba57d54bcc024c7a0099717c5a030b89e666
                                                                          • Instruction Fuzzy Hash: 669178B1A00209AFD718CF99DC90EEEB7B9EB88314F14861DE955D7740D734BA04CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                          • String ID: invalid string position$string too long
                                                                          • API String ID: 2168136238-4289949731
                                                                          • Opcode ID: 2d608642e83e8e4d20f5afe4c8662dcdb8935e2ce7a9b19fb4a5071ab7cececc
                                                                          • Instruction ID: d95e728d22348ac50108ba17927c71c5d15942daa4c5862d0672fdbd48155369
                                                                          • Opcode Fuzzy Hash: 2d608642e83e8e4d20f5afe4c8662dcdb8935e2ce7a9b19fb4a5071ab7cececc
                                                                          • Instruction Fuzzy Hash: 6551C7323011859BD724CE1CD8A0A9FB3E7DBC5B14B248A2EE855C7B84DBB0EC55D7A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6CF21C5E
                                                                          • LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6CF21C69
                                                                          • GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6CF21CA2
                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6CF21CC1
                                                                          • LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6CF21CCC
                                                                          • GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6CF21D0A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                          • String ID: User32.dll$kernel32.dll
                                                                          • API String ID: 310444273-1965990335
                                                                          • Opcode ID: c2bc85237ce9a7f4d8e49c74f219c3d58559c72a794f50f6d3eb994422e74d24
                                                                          • Instruction ID: 91658165002ebe9a8024f10cc67043e2b6d0206c20d338402b481e4274d0a818
                                                                          • Opcode Fuzzy Hash: c2bc85237ce9a7f4d8e49c74f219c3d58559c72a794f50f6d3eb994422e74d24
                                                                          • Instruction Fuzzy Hash: 5D614F75600A049FD760CF98C191A6BBBF1FB46700F64CA58D4968BE52D73AEC46CB84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • UnDecorator::getArgumentList.LIBCMT ref: 6CF6442E
                                                                            • Part of subcall function 6CF63FC9: Replicator::operator[].LIBCMT ref: 6CF6404C
                                                                            • Part of subcall function 6CF63FC9: DName::operator+=.LIBCMT ref: 6CF64054
                                                                          • DName::operator+.LIBCMT ref: 6CF64487
                                                                          • DName::DName.LIBCMT ref: 6CF644DF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                          • API String ID: 834187326-2211150622
                                                                          • Opcode ID: 53f38d378d94e2585c4eca48d134d38c14a0c4ccfc58709d8940d4f3e37722fd
                                                                          • Instruction ID: ada74731e5e2e665b4f64b8340bab90b5f41b00762ab0cfdc686660c78e3cbcf
                                                                          • Opcode Fuzzy Hash: 53f38d378d94e2585c4eca48d134d38c14a0c4ccfc58709d8940d4f3e37722fd
                                                                          • Instruction Fuzzy Hash: 58219AB0611108AFCF51EF59D491AA97FF4AB46789B149296EC49CBE12CB30D903CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • UnDecorator::UScore.LIBCMT ref: 6CF65D40
                                                                          • DName::DName.LIBCMT ref: 6CF65D4C
                                                                            • Part of subcall function 6CF63B3B: DName::doPchar.LIBCMT ref: 6CF63B6C
                                                                          • UnDecorator::getScopedName.LIBCMT ref: 6CF65D8B
                                                                          • DName::operator+=.LIBCMT ref: 6CF65D95
                                                                          • DName::operator+=.LIBCMT ref: 6CF65DA4
                                                                          • DName::operator+=.LIBCMT ref: 6CF65DB0
                                                                          • DName::operator+=.LIBCMT ref: 6CF65DBD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                          • String ID: void
                                                                          • API String ID: 1480779885-3531332078
                                                                          • Opcode ID: 303970ba7bfa7948cbfc2550272962d4043e0f1005e1ca9b1b21a74c5056ebf7
                                                                          • Instruction ID: 04dfdbf530026fd7814554b5ba7b71113490b9e9fa90f1478d3e4fd99dbf2042
                                                                          • Opcode Fuzzy Hash: 303970ba7bfa7948cbfc2550272962d4043e0f1005e1ca9b1b21a74c5056ebf7
                                                                          • Instruction Fuzzy Hash: E311A5B1904208AFDB09DF69C898BED7BB49F02305F004199D455ABFD2DB709A4ACB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1C88F
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1C895
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF1C8A0
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF1C8D5
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1C8E1
                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF1CB1C
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1CB39
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1CB49
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1CB4F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                          • String ID:
                                                                          • API String ID: 1774866819-0
                                                                          • Opcode ID: 230803edaa201bef2d5221b81f4d0d397721c2e4304e6d830532152e66003364
                                                                          • Instruction ID: c7a06703bbd1c491a763b37162caf27734502b31ccce0093a5532a653c68a200
                                                                          • Opcode Fuzzy Hash: 230803edaa201bef2d5221b81f4d0d397721c2e4304e6d830532152e66003364
                                                                          • Instruction Fuzzy Hash: 9EB15A75A046099FCB14EF99C884EEAB7F5BF8D300F15856CE506ABB91CA34F941CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF13F7B
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF13F8D
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF13FB7
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF13FD0
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF140C9
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14105
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF14123
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14157
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF14168
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
                                                                          • String ID:
                                                                          • API String ID: 758290628-0
                                                                          • Opcode ID: c804b3530c00278452784d7749b2e1dcaebd1fc3050683e53a4ef3a1d521714f
                                                                          • Instruction ID: 4e9507ef3684ad6417bb4a80b1e5cd16586f378513c4042c5e4ff65bec666f43
                                                                          • Opcode Fuzzy Hash: c804b3530c00278452784d7749b2e1dcaebd1fc3050683e53a4ef3a1d521714f
                                                                          • Instruction Fuzzy Hash: 997196762093819FC701DF68C8C495BBBF8BBD9318F144A2CF1A597A50C771E949CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,8193A27A), ref: 6CEFFC98
                                                                          • CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,8193A27A), ref: 6CEFFCAD
                                                                          • CloseHandle.KERNEL32(?,?,?,00000000,8193A27A), ref: 6CEFFCB7
                                                                          • SetLastError.KERNEL32(00000000,?,?,00000000,8193A27A), ref: 6CEFFCBA
                                                                          • CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,8193A27A), ref: 6CEFFD01
                                                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,8193A27A), ref: 6CEFFD14
                                                                          • GetLastError.KERNEL32(?,?,00000000,8193A27A), ref: 6CEFFD2A
                                                                          • CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,8193A27A), ref: 6CEFFD6B
                                                                          • MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,8193A27A), ref: 6CEFFD98
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
                                                                          • String ID:
                                                                          • API String ID: 1303881157-0
                                                                          • Opcode ID: 841e536b76a2ba2e7ae43197eaf364f7478c9174ca5d327e26440d83389ec869
                                                                          • Instruction ID: 8baca6c7a05cee5b9179b8a7b44a5d2d66edb1810075c31876fb12d76e385de0
                                                                          • Opcode Fuzzy Hash: 841e536b76a2ba2e7ae43197eaf364f7478c9174ca5d327e26440d83389ec869
                                                                          • Instruction Fuzzy Hash: A351E4B1A043119BDB008F34D894B5A7BF4AB49368F398699EC28CF785D774D806CBB4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF542DD
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CF54363
                                                                          • _memmove.LIBCMT ref: 6CF54381
                                                                          • _memmove.LIBCMT ref: 6CF543E6
                                                                          • _memmove.LIBCMT ref: 6CF54453
                                                                          • _memmove.LIBCMT ref: 6CF54474
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                          • String ID: vector<T> too long
                                                                          • API String ID: 4034224661-3788999226
                                                                          • Opcode ID: 10efcc02060b7514d1cdd2a62771ffd795f0d740d0ddae61de661e029ea64b87
                                                                          • Instruction ID: 6cf1ec7ad7da699056ee1114365dfb87e4dcebaf26331ee87d43fc5d863b0d35
                                                                          • Opcode Fuzzy Hash: 10efcc02060b7514d1cdd2a62771ffd795f0d740d0ddae61de661e029ea64b87
                                                                          • Instruction Fuzzy Hash: AF51A2B27042028FC718CF68DC84D6BB7E5EBE4214F584E2DE946C3754EA71E919CAA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                          • String ID: invalid string position$string too long
                                                                          • API String ID: 2168136238-4289949731
                                                                          • Opcode ID: 5b43f3b49fc727c9a1177cf490cc3d2c2d1afd9dfcc5079b21f3a731577cca91
                                                                          • Instruction ID: 65df731e09b00d93ac64058e25a06c0c5f10b1b6ecd46417ebd462d5783ddd33
                                                                          • Opcode Fuzzy Hash: 5b43f3b49fc727c9a1177cf490cc3d2c2d1afd9dfcc5079b21f3a731577cca91
                                                                          • Instruction Fuzzy Hash: 8C41A6333456108BD724CE9CE890E6EFBE9EB95714B610E2EF051C7E90C7A99C458762
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID: RSDi
                                                                          • API String ID: 4225690600-559181253
                                                                          • Opcode ID: ecd79d84677c6d54a5e0e808bd55cf047f3d8b2cf324b8c2dde75be233cc25f9
                                                                          • Instruction ID: 75e6193e888026a51fc3ff9be620118b0c96216b3daa27c3bc4f497a3ee2d79e
                                                                          • Opcode Fuzzy Hash: ecd79d84677c6d54a5e0e808bd55cf047f3d8b2cf324b8c2dde75be233cc25f9
                                                                          • Instruction Fuzzy Hash: 70415B74A056089FCB00CFA9C984A5EB7FAAF89304F60818AE509DBB55DB72EC41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID: RSUa
                                                                          • API String ID: 4225690600-2086061799
                                                                          • Opcode ID: f9e1e87419f8583d305f86e1c0b816dc237501075474a3638f15eaface6ecc34
                                                                          • Instruction ID: 57fc617dfff16ab9803c67bef6e748c285ca74856ff09ad12e9ce85eed7f6c4b
                                                                          • Opcode Fuzzy Hash: f9e1e87419f8583d305f86e1c0b816dc237501075474a3638f15eaface6ecc34
                                                                          • Instruction Fuzzy Hash: A2315C70E056089FDB04CFA9CC84B9EB7B9AF89304F60858AE518E7A51CB71ED81CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID: RSqb
                                                                          • API String ID: 4225690600-347567867
                                                                          • Opcode ID: ce06316defc31197a9672edf5a9893fa7d54334be4894ed4d90a8c123b5d1515
                                                                          • Instruction ID: 16555e1b7a256a609821560b6868ad16e7d925857e74388bb62378d9ce6ff22a
                                                                          • Opcode Fuzzy Hash: ce06316defc31197a9672edf5a9893fa7d54334be4894ed4d90a8c123b5d1515
                                                                          • Instruction Fuzzy Hash: 46314B70A056089FCB04CFA9CD84B9EB7B9AF89304F60858AE518E7A41DB71DD41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID: RSa
                                                                          • API String ID: 4225690600-3169278968
                                                                          • Opcode ID: e89f3adb4ce8bd0cde0e40bbead6d5de68dbc5677244b71b9de098101fb44681
                                                                          • Instruction ID: 5a33d83516e31794850c3bf088b1398c5e496dabbd2ed3b4c8af01b916dc3b5a
                                                                          • Opcode Fuzzy Hash: e89f3adb4ce8bd0cde0e40bbead6d5de68dbc5677244b71b9de098101fb44681
                                                                          • Instruction Fuzzy Hash: 16315C70E056089FCB04DFA9CD84B9EB7B9AF89304F20859AE518E7A41CB71ED41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID: RS:h
                                                                          • API String ID: 4225690600-3891202347
                                                                          • Opcode ID: 3014f854cb3c8ea50518667833db67976e389ee9ec04feb3df660e42c2afff30
                                                                          • Instruction ID: 76f579c205262df922f746ed2aa2a599e5596027e8a26d2575907abf028e5be0
                                                                          • Opcode Fuzzy Hash: 3014f854cb3c8ea50518667833db67976e389ee9ec04feb3df660e42c2afff30
                                                                          • Instruction Fuzzy Hash: 10315C70E056089FDB04DFA9CC84B9EB7B9AF89204F60859AE418E7A52CB75ED41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID: RS3g
                                                                          • API String ID: 4225690600-2794631155
                                                                          • Opcode ID: 977934051ca67bc4b0e0d7779a20c60e685bbcd24b99969255bd63d5c2d054c1
                                                                          • Instruction ID: f0276e3d527dd4b70937c940d087ca88cca06ae36b652b0eb240b9863e03bdbe
                                                                          • Opcode Fuzzy Hash: 977934051ca67bc4b0e0d7779a20c60e685bbcd24b99969255bd63d5c2d054c1
                                                                          • Instruction Fuzzy Hash: 6C314D70E056089FCB00CFA9CC84B9EB7F9AF89204F60869AE418E7A51CB71DD41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • type_info::operator!=.LIBCMT ref: 6CF4C7EB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: type_info::operator!=
                                                                          • String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
                                                                          • API String ID: 2241493438-339133643
                                                                          • Opcode ID: 763feedb1f763928b08634b195a867fd06491ed6216245765e4a260cb511d22e
                                                                          • Instruction ID: 730d51aa62ddc0d8e19d4e548b919ab33d038b8601bf7859f793798b179165b4
                                                                          • Opcode Fuzzy Hash: 763feedb1f763928b08634b195a867fd06491ed6216245765e4a260cb511d22e
                                                                          • Instruction Fuzzy Hash: A8318C71A143408FC700EF7C895558ABFF1AFD5208F008A2FF444ABB61EB719948CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID: RS%e
                                                                          • API String ID: 4225690600-1409579784
                                                                          • Opcode ID: 547bc20147587b1f745740624ed4ca80bed2812065c1f0116188bb043fc62e38
                                                                          • Instruction ID: 912e91eedd7e2384ccab4df41169796b821ad64cc0f662cb0c849a05b2f68949
                                                                          • Opcode Fuzzy Hash: 547bc20147587b1f745740624ed4ca80bed2812065c1f0116188bb043fc62e38
                                                                          • Instruction Fuzzy Hash: 9B317CB0E056189FCB10CBA9CC84B9DB7B9AF85304F70859AE508E7A42C772DD40CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ClearInit
                                                                          • String ID:
                                                                          • API String ID: 2610073882-0
                                                                          • Opcode ID: 2a2bd265efe7a53b84a1e7a13d191286db3ab0fa5b0357db9fbb97706aba3f0c
                                                                          • Instruction ID: bb0b84614afe481ab660862b4802fcaab2426f5f6dba2cf4f1b27bc30d168d55
                                                                          • Opcode Fuzzy Hash: 2a2bd265efe7a53b84a1e7a13d191286db3ab0fa5b0357db9fbb97706aba3f0c
                                                                          • Instruction Fuzzy Hash: 0BC146716087009FC300DF68C890A5BBBE6FFC8B04F258A4DE5989B765D731E845CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF09DEB
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF09DFB
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF09E29
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF09F25
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF09FE5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                          • String ID: @
                                                                          • API String ID: 3214203402-2766056989
                                                                          • Opcode ID: 87abe870a079c30dbc39001e414ba519b87f4e665105aeb052f19cef0d31a0b3
                                                                          • Instruction ID: a1b84c8da8c8762de7657418f55c1b6d5d5bf5b87f55ee30188a22e5dd07f59e
                                                                          • Opcode Fuzzy Hash: 87abe870a079c30dbc39001e414ba519b87f4e665105aeb052f19cef0d31a0b3
                                                                          • Instruction Fuzzy Hash: ADD17A71E01249CFDB00DFA8C890A9DBBB5BF88708F24816DE515AB754EB31AE45DF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF0B3EB
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF0B3FB
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF0B429
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF0B525
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF0B5E5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                          • String ID: @
                                                                          • API String ID: 3214203402-2766056989
                                                                          • Opcode ID: 2d6c1c68f2f215700c2afc5da284064f15720a152a5ca522c1e406cdb8930dd0
                                                                          • Instruction ID: d1d06d91fee1c13ecf5cdaba9e82ba0120ce6ba97a44537ec1f753fa14d99dac
                                                                          • Opcode Fuzzy Hash: 2d6c1c68f2f215700c2afc5da284064f15720a152a5ca522c1e406cdb8930dd0
                                                                          • Instruction Fuzzy Hash: 0BD17971E01249CFDB00DFA8C890AADBBB5FF48708F2489ADE515AB754D730AA45DF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF316B2
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF3180A
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          Strings
                                                                          • for this public key, xrefs: 6CF31771
                                                                          • : this key is too short to encrypt any messages, xrefs: 6CF3162A
                                                                          • : message length of , xrefs: 6CF3170D
                                                                          • exceeds the maximum of , xrefs: 6CF3173F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
                                                                          • String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
                                                                          • API String ID: 3807434085-412673420
                                                                          • Opcode ID: 0a9b6aef8c52c374a6d6dd166babb248a454ec11808e973198d5e74b6f4442f9
                                                                          • Instruction ID: 27e98c198ceee85d04612345cf6f7ff9d87708dde74447ae5052064d93c8200b
                                                                          • Opcode Fuzzy Hash: 0a9b6aef8c52c374a6d6dd166babb248a454ec11808e973198d5e74b6f4442f9
                                                                          • Instruction Fuzzy Hash: CDB13B71508380AFD320DB69D890BDBBBE9AFD9304F14891DE59D83751DB30A909CBA3
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF5126E
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CF512E0
                                                                          • _memmove.LIBCMT ref: 6CF51305
                                                                          • _memmove.LIBCMT ref: 6CF51342
                                                                          • _memmove.LIBCMT ref: 6CF5135F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                          • String ID: deque<T> too long
                                                                          • API String ID: 4034224661-309773918
                                                                          • Opcode ID: df5a52b406bda849ab929671780cebd5b3fa6a8f54dd267a0f26b91297485b3d
                                                                          • Instruction ID: 64924a2b8b32aaba5fdf8ce4f384b39fdda636592f059c5212bbe3f46e357042
                                                                          • Opcode Fuzzy Hash: df5a52b406bda849ab929671780cebd5b3fa6a8f54dd267a0f26b91297485b3d
                                                                          • Instruction Fuzzy Hash: 35410A72A042005BD708CF28DC9056BB7E6EBE4214F5DC62CE909D7B44EA34ED19C7A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF513BE
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CF51431
                                                                          • _memmove.LIBCMT ref: 6CF51456
                                                                          • _memmove.LIBCMT ref: 6CF51493
                                                                          • _memmove.LIBCMT ref: 6CF514B0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                          • String ID: deque<T> too long
                                                                          • API String ID: 4034224661-309773918
                                                                          • Opcode ID: fe87e072ec0dd843fe9c43933498bb37acad050cb9f0ab38b31dd12c39a39888
                                                                          • Instruction ID: 4185e06a017f8c59b3f8ed96eb233a0da020d9fbc54b31495444f7d7b698fcab
                                                                          • Opcode Fuzzy Hash: fe87e072ec0dd843fe9c43933498bb37acad050cb9f0ab38b31dd12c39a39888
                                                                          • Instruction Fuzzy Hash: BE4108B2A042048BC708CF28DC9196BB7E6EFD4214F59C62DE909D7B44EB34ED19C7A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF4DA9
                                                                            • Part of subcall function 6CF59125: std::exception::exception.LIBCMT ref: 6CF5913A
                                                                            • Part of subcall function 6CF59125: __CxxThrowException@8.LIBCMT ref: 6CF5914F
                                                                            • Part of subcall function 6CF59125: std::exception::exception.LIBCMT ref: 6CF59160
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF4DCA
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF4DE5
                                                                          • _memmove.LIBCMT ref: 6CEF4E4D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                          • String ID: invalid string position$string too long
                                                                          • API String ID: 443534600-4289949731
                                                                          • Opcode ID: ce314d95047f3abef32b383e0f78fa127cbfeca49f84c1ec23971d8a6b7993e8
                                                                          • Instruction ID: 835b460d089e73d1ca56ed6fb78d1a2bdcd0fbe49875565b46ad849905ee1b36
                                                                          • Opcode Fuzzy Hash: ce314d95047f3abef32b383e0f78fa127cbfeca49f84c1ec23971d8a6b7993e8
                                                                          • Instruction Fuzzy Hash: B131D7323042148FD7248E6CE980A6AF3F5AF91728B304A2FE561CFB40D771D946C7A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Name::operator+$NameName::
                                                                          • String ID: throw(
                                                                          • API String ID: 168861036-3159766648
                                                                          • Opcode ID: de72549798be171781c5b579b016fbc956d96750a2fbaa05890fde2c03fa978e
                                                                          • Instruction ID: 3dece6b67083196cbcadf343220618ee3a8bd9d889052c27c49e69dc7eed580d
                                                                          • Opcode Fuzzy Hash: de72549798be171781c5b579b016fbc956d96750a2fbaa05890fde2c03fa978e
                                                                          • Instruction Fuzzy Hash: 0901D474A00109AFCF04EFA5D891EEE7BB9EF44308F004155F9019BB94EB70EE4A8B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6CF89880,00000008,6CF5EAC1,00000000,00000000,?,?,6CF5D7DD,6CF59DEF,00000000,?,6CF59BD4,6CEF1290,8193A27A), ref: 6CF5E9CA
                                                                          • __lock.LIBCMT ref: 6CF5E9FE
                                                                            • Part of subcall function 6CF62438: __mtinitlocknum.LIBCMT ref: 6CF6244E
                                                                            • Part of subcall function 6CF62438: __amsg_exit.LIBCMT ref: 6CF6245A
                                                                            • Part of subcall function 6CF62438: EnterCriticalSection.KERNEL32(6CF59BD4,6CF59BD4,?,6CF5EA03,0000000D), ref: 6CF62462
                                                                          • InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6CF5EA0B
                                                                          • __lock.LIBCMT ref: 6CF5EA1F
                                                                          • ___addlocaleref.LIBCMT ref: 6CF5EA3D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                          • String ID: KERNEL32.DLL
                                                                          • API String ID: 637971194-2576044830
                                                                          • Opcode ID: 99e0ca41ea23e4354e7c34fe4e3fa3c9b99fedefaf9ec8860a50dc8c74bf21d2
                                                                          • Instruction ID: 3ca0569866faa6e593750e3f208d02fc9ada089342b0cde30d7a0655e2041e5b
                                                                          • Opcode Fuzzy Hash: 99e0ca41ea23e4354e7c34fe4e3fa3c9b99fedefaf9ec8860a50dc8c74bf21d2
                                                                          • Instruction Fuzzy Hash: 9001AD71841B009FD7209F76D404389FBF0BF12328F50890ED59692BA0CB74AA48CB61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CF0E29B
                                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CF0E2B6
                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CF0E2D7
                                                                            • Part of subcall function 6CF15760: std::tr1::_Xweak.LIBCPMT ref: 6CF15769
                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF0E309
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0E523
                                                                          • InterlockedCompareExchange.KERNEL32(6CF9C6A4,45524548,4B4F4F4C), ref: 6CF0E544
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                          • String ID:
                                                                          • API String ID: 2722669376-0
                                                                          • Opcode ID: f3bcfcacb7e1cfd028855db00b30f63c2a6865c06329532ad528ef7ba9b5f983
                                                                          • Instruction ID: d9cb0dc6b6b531437e5dee289eccfd713ffb69db053cd869a3df4fd716e599f9
                                                                          • Opcode Fuzzy Hash: f3bcfcacb7e1cfd028855db00b30f63c2a6865c06329532ad528ef7ba9b5f983
                                                                          • Instruction Fuzzy Hash: E3D1E2B1B002059FDB00CFA4C8A4BEF77B9AF45B08F148569E945EB781D7B4E904DBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: ecd79d84677c6d54a5e0e808bd55cf047f3d8b2cf324b8c2dde75be233cc25f9
                                                                          • Instruction ID: 46723a48078c7092a9af304d67968fd115e4e62445ccfab1d5e3bcd7072941ae
                                                                          • Opcode Fuzzy Hash: ecd79d84677c6d54a5e0e808bd55cf047f3d8b2cf324b8c2dde75be233cc25f9
                                                                          • Instruction Fuzzy Hash: FE414974A056189FCB00DFA9C980A9EB7FAAF89304F60858AE509DBB55DB31ED41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 5faa47b1cbdd974cbb0b20dd3f6fdf5938caca645158e7f387ecff84d61ec76d
                                                                          • Instruction ID: 29d9b1d5a03892971e8cb7f1acb394407d1ef5b808c1caed8704533e19723205
                                                                          • Opcode Fuzzy Hash: 5faa47b1cbdd974cbb0b20dd3f6fdf5938caca645158e7f387ecff84d61ec76d
                                                                          • Instruction Fuzzy Hash: D2416B70A056189FCB00CFA9CD80B9EB7F9AF89204F60859AE518EB751CB31ED45CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 5faa47b1cbdd974cbb0b20dd3f6fdf5938caca645158e7f387ecff84d61ec76d
                                                                          • Instruction ID: bc9e7c8a3191934b3cfa7ffb7449891fd2240bfe16385753c6ca258dacfb6679
                                                                          • Opcode Fuzzy Hash: 5faa47b1cbdd974cbb0b20dd3f6fdf5938caca645158e7f387ecff84d61ec76d
                                                                          • Instruction Fuzzy Hash: 84414AB0A056489FCB00CFA9CC84B9EB7B9AF8A204F64859AE518E7751DB71ED41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 977934051ca67bc4b0e0d7779a20c60e685bbcd24b99969255bd63d5c2d054c1
                                                                          • Instruction ID: 4439798c24faa66865e062365688fbfef66573f7dc449af6dead33e19c7bf4ed
                                                                          • Opcode Fuzzy Hash: 977934051ca67bc4b0e0d7779a20c60e685bbcd24b99969255bd63d5c2d054c1
                                                                          • Instruction Fuzzy Hash: 3F315A70E056089FCB00CFA9CD80B9EB7F9AF89204F20868AE418E7A55CB71ED44CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: e328c5ae893facc1784b1fb707cf5dc514e6dd454404323819ac9834fe7882c7
                                                                          • Instruction ID: 2fcfe83a9380bbf450cdda2c18bab02df1c754387edee821537a05ec716f5087
                                                                          • Opcode Fuzzy Hash: e328c5ae893facc1784b1fb707cf5dc514e6dd454404323819ac9834fe7882c7
                                                                          • Instruction Fuzzy Hash: 93315970E056089FCB00CFA9CC80B9EB7FAAF89204F60858AE518E7A41CB75ED45CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 3014f854cb3c8ea50518667833db67976e389ee9ec04feb3df660e42c2afff30
                                                                          • Instruction ID: 5b43c368f45527be0c5cc6b4b20dc7992d4f66cbb7d6093c60c239b8a6edaacb
                                                                          • Opcode Fuzzy Hash: 3014f854cb3c8ea50518667833db67976e389ee9ec04feb3df660e42c2afff30
                                                                          • Instruction Fuzzy Hash: 09316C70E056089FCB00CF69CC80B9EB7F9AF89204F20858AE418E7A55C771ED45CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: e328c5ae893facc1784b1fb707cf5dc514e6dd454404323819ac9834fe7882c7
                                                                          • Instruction ID: 6be33f620256de9a230bd6615ae5bc819907a85f86db8d972d6ae52bec29707c
                                                                          • Opcode Fuzzy Hash: e328c5ae893facc1784b1fb707cf5dc514e6dd454404323819ac9834fe7882c7
                                                                          • Instruction Fuzzy Hash: BE314D70E056089FCB04CFA9CC84B9EB7B9AF89304F60858AE518E7A51DB71DD41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 153753771b9dccdd3e979fb7100d695165aa432785c9a9223c5f7b957253bbc3
                                                                          • Instruction ID: 85c6ee351a17e8a7220321850f50ca92f13df842ccbfad6295ec6a9a273a8fce
                                                                          • Opcode Fuzzy Hash: 153753771b9dccdd3e979fb7100d695165aa432785c9a9223c5f7b957253bbc3
                                                                          • Instruction Fuzzy Hash: E9314BB0A056189FCB04CFA9CD84B9EB7B9AF89304F20858AE518E7A41DB71ED41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 2f43dfd7b88faa1c7edee1c40002333a12465c91747454fbf13a0263aa8927e9
                                                                          • Instruction ID: ad00305e3f18725d3ff93992f7f67bae4163025a797c27752ff5993613842419
                                                                          • Opcode Fuzzy Hash: 2f43dfd7b88faa1c7edee1c40002333a12465c91747454fbf13a0263aa8927e9
                                                                          • Instruction Fuzzy Hash: 03314B70A056089FCB00CFA9CD84B9EB7F9AF89204F60859AE518E7A41CB71DD41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 153753771b9dccdd3e979fb7100d695165aa432785c9a9223c5f7b957253bbc3
                                                                          • Instruction ID: 0f7de2f9685874ceaf800ce71593e3fbb42916ae8110cf9ad0be4ffaaab9108b
                                                                          • Opcode Fuzzy Hash: 153753771b9dccdd3e979fb7100d695165aa432785c9a9223c5f7b957253bbc3
                                                                          • Instruction Fuzzy Hash: F4313A70E056189FCB00CF69CC80B9EB7F9AF89204F20858AE519E7A51DB71EE45CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: ce06316defc31197a9672edf5a9893fa7d54334be4894ed4d90a8c123b5d1515
                                                                          • Instruction ID: c7c656301deb4a255cf9eb8c822e26e82c324f9589788c39a4c9768a4584d8f9
                                                                          • Opcode Fuzzy Hash: ce06316defc31197a9672edf5a9893fa7d54334be4894ed4d90a8c123b5d1515
                                                                          • Instruction Fuzzy Hash: A9316C70E056089FCB00CFA9CC80B9EB7F9AF89204F20858AE519E7A41DB75EE45CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 2f43dfd7b88faa1c7edee1c40002333a12465c91747454fbf13a0263aa8927e9
                                                                          • Instruction ID: 48580037d325f2d0e8a7de4bfd8a360e82793d606f00c5271a58bd9cd9894192
                                                                          • Opcode Fuzzy Hash: 2f43dfd7b88faa1c7edee1c40002333a12465c91747454fbf13a0263aa8927e9
                                                                          • Instruction Fuzzy Hash: D4314C70E056189FCB00CF69CC80B9EB7F9AF89204F60859AE519E7A51DB71EE45CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: f9e1e87419f8583d305f86e1c0b816dc237501075474a3638f15eaface6ecc34
                                                                          • Instruction ID: 46c521e12aa44b4cefbd9eca8b1cbd786db0f87daa54a3cf4ca0485cb4662156
                                                                          • Opcode Fuzzy Hash: f9e1e87419f8583d305f86e1c0b816dc237501075474a3638f15eaface6ecc34
                                                                          • Instruction Fuzzy Hash: CD313970E056189FCB00CBA9CC80B9EB7F9AF89204F20858AE519E7A55DB71EE45CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: e89f3adb4ce8bd0cde0e40bbead6d5de68dbc5677244b71b9de098101fb44681
                                                                          • Instruction ID: cc6ed9277a593468e5eb710d20be3691b906fb119ef2d2b00c08f8010e2d3150
                                                                          • Opcode Fuzzy Hash: e89f3adb4ce8bd0cde0e40bbead6d5de68dbc5677244b71b9de098101fb44681
                                                                          • Instruction Fuzzy Hash: 2D313970E056189FCB00DFA9CC80B9EB7F9AF89204F20858AE519E7A51DB71EE45CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF1C180
                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6CF13749,?), ref: 6CF1C1B8
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1C1C4
                                                                          • VariantCopy.OLEAUT32(6CF13749,?), ref: 6CF1C21B
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1C22F
                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF1C23E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
                                                                          • String ID:
                                                                          • API String ID: 3979206172-0
                                                                          • Opcode ID: b97b29637004e207a4df99d0784f7ac152e702192956f8de7b2432d92a115bbf
                                                                          • Instruction ID: b9669a52409a5e253409d1e4e28179137c5555e0de472510417d8e8517c99517
                                                                          • Opcode Fuzzy Hash: b97b29637004e207a4df99d0784f7ac152e702192956f8de7b2432d92a115bbf
                                                                          • Instruction Fuzzy Hash: 82316B71A04249EFDB01EFA8D884F9EBBB9EF49304F118529E916E7750EB71D901CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6CF711FD,000000FF,?,6CF08B80,00000000,?,00000000,?,6CF08C13,?,?), ref: 6CF07415
                                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6CF711FD,000000FF,?,6CF08B80,00000000,?,00000000,?,6CF08C13,?,?), ref: 6CF0741B
                                                                          • std::exception::exception.LIBCMT ref: 6CF0743D
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF07452
                                                                          • std::exception::exception.LIBCMT ref: 6CF07461
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF07476
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C04
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                            • Part of subcall function 6CF59BB5: __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
                                                                          • String ID:
                                                                          • API String ID: 189561132-0
                                                                          • Opcode ID: fa3b4fbecde669328a7bd3c92af280be1d3c702fac0051518d854f185f0ffbdd
                                                                          • Instruction ID: 5ee1059eeb21b028e1c141ea8cf459b3da07737d3422dd4b0469b722ecf52e8d
                                                                          • Opcode Fuzzy Hash: fa3b4fbecde669328a7bd3c92af280be1d3c702fac0051518d854f185f0ffbdd
                                                                          • Instruction Fuzzy Hash: F4318AB2901644DFC760CF59C880A9AFBF4FF68300B44895EE94687B00D731E605CFA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 85b1bfd7a471aa9a358d4f3b8139f7b87720b7510219be3baaf97a70e531de50
                                                                          • Instruction ID: 3b00ae7e986b6bdce800d2ed79eb043ec4cb50233d062ed88eb23ad267a075f1
                                                                          • Opcode Fuzzy Hash: 85b1bfd7a471aa9a358d4f3b8139f7b87720b7510219be3baaf97a70e531de50
                                                                          • Instruction Fuzzy Hash: 2D313CB0E056189FCB14DBA9CC84B9DB7B9AF85304F74858AE418E7A42CB72DD41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: e5ab92a785f7ad2fde2d2d463e422a4971c2719091bbe5d9b637aedb55485753
                                                                          • Instruction ID: 3325bc0fab522ce0aec637d6988729fa9d28eaff0bed624ccd971b5540f67bfa
                                                                          • Opcode Fuzzy Hash: e5ab92a785f7ad2fde2d2d463e422a4971c2719091bbe5d9b637aedb55485753
                                                                          • Instruction Fuzzy Hash: EC317EB0E056189FCB14CBA9CC84B9DB7B9AF85304F30859AE408E7A42C772DD41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: a6126e034e0383732a94222161939bcda30a643827ff6354398e94cb6a5ae201
                                                                          • Instruction ID: f1baf2ed7586dddc7a3b5d9644deec30d2ae2b0f74f9a5f8557c41b0c6aa82b0
                                                                          • Opcode Fuzzy Hash: a6126e034e0383732a94222161939bcda30a643827ff6354398e94cb6a5ae201
                                                                          • Instruction Fuzzy Hash: BD314DB0A056189FCB14CBA9CC84B9DB7B9AF86204F70868AE458E7A42C772DD41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 4304a5662ac41c7eb6f56d088bb6124d350c2218c1913714cdf4cd78cf76019b
                                                                          • Instruction ID: ed97894156dc68d5cd07b503b601a8e6c81cbfd6e068f788ba0653289caa55b4
                                                                          • Opcode Fuzzy Hash: 4304a5662ac41c7eb6f56d088bb6124d350c2218c1913714cdf4cd78cf76019b
                                                                          • Instruction Fuzzy Hash: 60313C70A056189FCB14CBA9CC84B9DB7B9AF85204F60868AE418E7A41CB72D941CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 746ff8d19c6f591cc3b9dcbc3c637278beafd62948330afe15a261bb78c78e78
                                                                          • Instruction ID: c943ca62a08a7d073bd18f91c12432bc36cd66ce606f765dc25541de2b59d745
                                                                          • Opcode Fuzzy Hash: 746ff8d19c6f591cc3b9dcbc3c637278beafd62948330afe15a261bb78c78e78
                                                                          • Instruction Fuzzy Hash: 9B314EB0E056189FCB14CFA9CC84B9DB7B9AF85204F74858AE418E7A41C772ED41CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArrayDestroySafe
                                                                          • String ID:
                                                                          • API String ID: 4225690600-0
                                                                          • Opcode ID: 399d78aa2463fc8d6fbe2a4a7056ec98a17827aeb89d12e3dd32ce7e06cae61b
                                                                          • Instruction ID: 1e0cedd602573eb0b7ee688950d209fd7271bc439f446eb6d9390fdbbe0c46aa
                                                                          • Opcode Fuzzy Hash: 399d78aa2463fc8d6fbe2a4a7056ec98a17827aeb89d12e3dd32ce7e06cae61b
                                                                          • Instruction Fuzzy Hash: 29316C70E056189FCB10CBA9CC80B9EB7F9AF89204F20868AE519E7A41CB71ED44CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6CF625B1,?,00000000,?), ref: 6CF624E6
                                                                          • _malloc.LIBCMT ref: 6CF6251B
                                                                          • _memset.LIBCMT ref: 6CF6253B
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6CF62550
                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6CF6255E
                                                                          • __freea.LIBCMT ref: 6CF62568
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                                                          • String ID:
                                                                          • API String ID: 525495869-0
                                                                          • Opcode ID: cd499dfc5bc8e2b9e6f6333f2cfa89729e48a648abe027fa08a60b82abcd875d
                                                                          • Instruction ID: 4546f898682dc7273b58f63e8d756bdb01772e7e44b418a848eacdab2f491562
                                                                          • Opcode Fuzzy Hash: cd499dfc5bc8e2b9e6f6333f2cfa89729e48a648abe027fa08a60b82abcd875d
                                                                          • Instruction Fuzzy Hash: 9E31C1B1600209AFEF108F66DC88EAF7BBCEB08358F110026F914D7A50E732DD248B60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF16A08
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF16A15
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF16A41
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                          • String ID:
                                                                          • API String ID: 757764206-0
                                                                          • Opcode ID: 449e1bf7746abf781bf85c8e77a76a46721546b6627ee48161a842772ff306de
                                                                          • Instruction ID: bee3bcb5a3cb6410b4ba491b66be7ff0374642cbee33f1d65546143b86987140
                                                                          • Opcode Fuzzy Hash: 449e1bf7746abf781bf85c8e77a76a46721546b6627ee48161a842772ff306de
                                                                          • Instruction Fuzzy Hash: 71314B71E056189FCB10CBA9CC80B9EB7FAAF89304F64468AE519E7A41C775ED84CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF16A08
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF16A15
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF16A41
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE63
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE73
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE86
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AE99
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEAC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1AEBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          • Associated: 00000000.00000002.1663684568.000000006CEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664036740.000000006CF74000.00000002.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664138934.000000006CF8E000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664193050.000000006CF90000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664233238.000000006CF91000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664276153.000000006CF93000.00000008.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9A000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664313757.000000006CF9C000.00000004.00000001.01000000.00000007.sdmp
                                                                          • Associated: 00000000.00000002.1664431156.000000006CF9E000.00000002.00000001.01000000.00000007.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                          • String ID:
                                                                          • API String ID: 757764206-0
                                                                          • Opcode ID: 3bb2ef1337aef34dc83313515ff90c0b089ce81f64382133510e7758f1b00c89
                                                                          • Instruction ID: c981d720f5647ed74013afca2230150ddf3d36894e00c04734b16fcec10cdf71
                                                                          • Opcode Fuzzy Hash: 3bb2ef1337aef34dc83313515ff90c0b089ce81f64382133510e7758f1b00c89
                                                                          • Instruction Fuzzy Hash: 51315C70E056189FCB10CB69CC80B9EB7FAAF95304F60468AE519E7A41C771DD84CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF16A08
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF16A15
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF16A41
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                          • String ID:
                                                                          • API String ID: 757764206-0
                                                                          • Opcode ID: 3bb2ef1337aef34dc83313515ff90c0b089ce81f64382133510e7758f1b00c89
                                                                          • Instruction ID: bfb2dad231c17b80264f963cca5a6ae71f52be9fc5e8f61cda47b8d484feee4c
                                                                          • Opcode Fuzzy Hash: 3bb2ef1337aef34dc83313515ff90c0b089ce81f64382133510e7758f1b00c89
                                                                          • Instruction Fuzzy Hash: 92314C70E056189FCB14CBA9CC84B9DB7BAAF96304F70458AE548E7A41CB72DD80CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF16A08
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF16A15
                                                                            • Part of subcall function 6CF169C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF16A41
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123B3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123C3
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123D6
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123E9
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF123FC
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1240F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                          • String ID:
                                                                          • API String ID: 757764206-0
                                                                          • Opcode ID: 449e1bf7746abf781bf85c8e77a76a46721546b6627ee48161a842772ff306de
                                                                          • Instruction ID: 47b930b90140c80460dcd66ad0eef3ec27b015ed2d1c4deaab55f232f96e41c1
                                                                          • Opcode Fuzzy Hash: 449e1bf7746abf781bf85c8e77a76a46721546b6627ee48161a842772ff306de
                                                                          • Instruction Fuzzy Hash: E2313EB0E056189FCB14CBA9CC84B9DB7BAAF86304F70468AE519E7A41C772DD80CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4760: __CxxThrowException@8.LIBCMT ref: 6CEF47F9
                                                                          • _memmove.LIBCMT ref: 6CF50907
                                                                          • _memmove.LIBCMT ref: 6CF50936
                                                                          • _memmove.LIBCMT ref: 6CF50959
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF50A25
                                                                          Strings
                                                                          • PSSR_MEM: message recovery disabled, xrefs: 6CF509E3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memmove$Exception@8Throw
                                                                          • String ID: PSSR_MEM: message recovery disabled
                                                                          • API String ID: 2655171816-3051149714
                                                                          • Opcode ID: 90ec557a88757ced1ac507684c200d25956e2ccc6cc97f15631c0b665fd541c5
                                                                          • Instruction ID: 8a317b23ab6024909d51c55b6ab0461a6b3abdcc8619c06b95f52152d569691c
                                                                          • Opcode Fuzzy Hash: 90ec557a88757ced1ac507684c200d25956e2ccc6cc97f15631c0b665fd541c5
                                                                          • Instruction Fuzzy Hash: DCC16AB56083819FD714CF28C880B6BBBE5BFD9308F148A5DE58987785DB70E905CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF580EA
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                          • String ID: Max$Min$RandomNumberType$invalid bit length
                                                                          • API String ID: 3718517217-2498579642
                                                                          • Opcode ID: a4f868f25ce7a3847c6d15d2bb6a4ec88274946ce109be2a2205da66cb7a109a
                                                                          • Instruction ID: 288a2e69f8ec6a1dd3b3593a295fea7db37a319d2842dca59b900c3ae05119ef
                                                                          • Opcode Fuzzy Hash: a4f868f25ce7a3847c6d15d2bb6a4ec88274946ce109be2a2205da66cb7a109a
                                                                          • Instruction Fuzzy Hash: 76C1B1715097809BE324CB68D850BCFBBE5BFE9314F844A1DE68983791DB749908C7A3
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CreateFrameInfo.LIBCMT ref: 6CF5BEB6
                                                                            • Part of subcall function 6CF5AB70: __getptd.LIBCMT ref: 6CF5AB7E
                                                                            • Part of subcall function 6CF5AB70: __getptd.LIBCMT ref: 6CF5AB8C
                                                                          • __getptd.LIBCMT ref: 6CF5BEC0
                                                                            • Part of subcall function 6CF5EAE6: __getptd_noexit.LIBCMT ref: 6CF5EAE9
                                                                            • Part of subcall function 6CF5EAE6: __amsg_exit.LIBCMT ref: 6CF5EAF6
                                                                          • __getptd.LIBCMT ref: 6CF5BECE
                                                                          • __getptd.LIBCMT ref: 6CF5BEDC
                                                                          • __getptd.LIBCMT ref: 6CF5BEE7
                                                                          • _CallCatchBlock2.LIBCMT ref: 6CF5BF0D
                                                                            • Part of subcall function 6CF5AC15: __CallSettingFrame@12.LIBCMT ref: 6CF5AC61
                                                                            • Part of subcall function 6CF5BFB4: __getptd.LIBCMT ref: 6CF5BFC3
                                                                            • Part of subcall function 6CF5BFB4: __getptd.LIBCMT ref: 6CF5BFD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                          • String ID:
                                                                          • API String ID: 1602911419-0
                                                                          • Opcode ID: f5bcf11a8368a104ed51a92815da3a54d9c1021ec54dc84a1670157fc16badf5
                                                                          • Instruction ID: ff64ee7f527aa64cb8e8aa577355b1c6fcf073f5284a37cd7272c57461a4e4c4
                                                                          • Opcode Fuzzy Hash: f5bcf11a8368a104ed51a92815da3a54d9c1021ec54dc84a1670157fc16badf5
                                                                          • Instruction Fuzzy Hash: 8011F675C002099FDB00DFA4C544AEEBBB0FF54318F508469E954A7750EB389A69DF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663510865.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5ca0000_file.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HERE$HERE$LOOK$LOOK$p<^q$p<^q$Gvq
                                                                          • API String ID: 0-792669839
                                                                          • Opcode ID: fbbc696719bf62d02fd2bf9c322bd43e662d4be9f3ea97f2768a091c3ec9ff8b
                                                                          • Instruction ID: 9448260321f6f5c5263d4476557cfc80e056d45f053ae80e4f01fe161d2f1b13
                                                                          • Opcode Fuzzy Hash: fbbc696719bf62d02fd2bf9c322bd43e662d4be9f3ea97f2768a091c3ec9ff8b
                                                                          • Instruction Fuzzy Hash: C6A19375E002298FDB68DF69C984BD9BBB1BB48314F1485E9D50DAB360DB309E81CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF27267
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw
                                                                          • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                                                          • API String ID: 2005118841-1273958906
                                                                          • Opcode ID: e72f4f09890d6bf2fb1539a9ffb489db13b1db6bcb2eb1d193234ac2f94f79f5
                                                                          • Instruction ID: e5735e3fc540435de304171cd71f939f9e8c4fa8d9e50531ee5cc1782a4b79e8
                                                                          • Opcode Fuzzy Hash: e72f4f09890d6bf2fb1539a9ffb489db13b1db6bcb2eb1d193234ac2f94f79f5
                                                                          • Instruction Fuzzy Hash: C36183B11083809FD331DB68C884FDFBBE8AF99308F114A1DE59987741DB759909CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: _strncmptype_info::operator!=
                                                                          • String ID: ThisPointer:$ValueNames
                                                                          • API String ID: 1333309372-2375088429
                                                                          • Opcode ID: df856dc72583f62ed8c3be183cd9e16102af47a0421bd94da499872a63ebf052
                                                                          • Instruction ID: 5eec372c0f4e3409fb14a0c87e897f68397dd37c34461005f95c82ce5424795a
                                                                          • Opcode Fuzzy Hash: df856dc72583f62ed8c3be183cd9e16102af47a0421bd94da499872a63ebf052
                                                                          • Instruction Fuzzy Hash: 4551E7712087405FD314CF69C890E67BBFAAF9575CF048A5DE4A687B82C763E80D8761
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: _strncmptype_info::operator!=
                                                                          • String ID: ThisPointer:$ValueNames
                                                                          • API String ID: 1333309372-2375088429
                                                                          • Opcode ID: 55fc278129630bde960429e44b82b8898a84a43f17da552925b7778599c548c1
                                                                          • Instruction ID: 4dd21b4864f7177878f39b4858419910c485b2241cd0e6bb47009dadf3f6f75f
                                                                          • Opcode Fuzzy Hash: 55fc278129630bde960429e44b82b8898a84a43f17da552925b7778599c548c1
                                                                          • Instruction Fuzzy Hash: 6E5124712083409BC3148FA5D890A67BBFAAF9631CF044E5DE5D68BB91C72BE90DC751
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: _strncmptype_info::operator!=
                                                                          • String ID: ThisPointer:$ValueNames
                                                                          • API String ID: 1333309372-2375088429
                                                                          • Opcode ID: ce2be76b22c2d4f37fdcf5786e83071f1b7480084bbe677e7b8ef533efd89f2c
                                                                          • Instruction ID: 1fc7c55ef84ecf5b823515839b7dda91c05f26661412b20546376d2f348733f7
                                                                          • Opcode Fuzzy Hash: ce2be76b22c2d4f37fdcf5786e83071f1b7480084bbe677e7b8ef533efd89f2c
                                                                          • Instruction Fuzzy Hash: CC51D3712087445BC3148F69C890A6BBBFAAF96318F048E5DE9D687B83C723E909C751
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF31C1A
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF31CDE
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF31D3E
                                                                          Strings
                                                                          • TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6CF31C67
                                                                          • TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6CF31CF0
                                                                          Similarity
                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                          • String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
                                                                          • API String ID: 3476068407-3371871069
                                                                          • Opcode ID: 745d67f340d981af060a4b3d75644805e3cc70936b2baba425aeaaa3c1293bd0
                                                                          • Instruction ID: b13dbb39c6727be8cc73835681bd5036dcbecf3c8cde465ab9a8712e76661cd9
                                                                          • Opcode Fuzzy Hash: 745d67f340d981af060a4b3d75644805e3cc70936b2baba425aeaaa3c1293bd0
                                                                          • Instruction Fuzzy Hash: 3C513C712087409FD364DF58C880F9AB7E9BFC8714F108A1EE59997751DB70E9098BA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                            • Part of subcall function 6CF59125: std::exception::exception.LIBCMT ref: 6CF5913A
                                                                            • Part of subcall function 6CF59125: __CxxThrowException@8.LIBCMT ref: 6CF5914F
                                                                            • Part of subcall function 6CF59125: std::exception::exception.LIBCMT ref: 6CF59160
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF4067
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CEF40C8
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                                                          • String ID: invalid string position$string too long
                                                                          • API String ID: 1615890066-4289949731
                                                                          • Opcode ID: 821150793e14829c1062b36bbb5103d81c47f0f6ad4fcf89236969405b733393
                                                                          • Instruction ID: 28c691124a51fbc662ee42ff93996f9118051f511b7af63fe66bdaa7270ea2cd
                                                                          • Opcode Fuzzy Hash: 821150793e14829c1062b36bbb5103d81c47f0f6ad4fcf89236969405b733393
                                                                          • Instruction Fuzzy Hash: E531C5323042149BD7208E5CE980E5AF7B9EB91768F350A2FF161CBB40D7729C4287A3
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • ___BuildCatchObject.LIBCMT ref: 6CF5C24E
                                                                            • Part of subcall function 6CF5C1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6CF5C1DF
                                                                          • _UnwindNestedFrames.LIBCMT ref: 6CF5C265
                                                                          • ___FrameUnwindToState.LIBCMT ref: 6CF5C273
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                          • String ID: csm$csm
                                                                          • API String ID: 2163707966-3733052814
                                                                          • Opcode ID: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                                          • Instruction ID: dbdac238e35f8889f96ae5e0f97ea36d3ce471195c8ff6d8d6698d368c234907
                                                                          • Opcode Fuzzy Hash: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                                          • Instruction Fuzzy Hash: BC01F631401109BBDF126F91CC45EEA7F6AFF28358F908014BE5915A20DB7699B2DBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Similarity
                                                                          • API ID: _memmove
                                                                          • String ID:
                                                                          • API String ID: 4104443479-0
                                                                          • Opcode ID: dd8b1f1a8843cb3766362bdaae775c566e00e9e8a6de76bc25ee7e9c05c5cbcf
                                                                          • Instruction ID: 597997bec93b789810dc0222140d284346ee2d9c12d60994fcf359de24423ca6
                                                                          • Opcode Fuzzy Hash: dd8b1f1a8843cb3766362bdaae775c566e00e9e8a6de76bc25ee7e9c05c5cbcf
                                                                          • Instruction Fuzzy Hash: C6918FB1208711AFD714CF59D984A2BB7E9FB88704F204A2DE499C7B41E735E905CBE2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetElement.OLEAUT32(?,?,8193A27A), ref: 6CF13C49
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF13C81
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF13D26
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF13D30
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF13D89
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ArrayElementInitSafe
                                                                          • String ID:
                                                                          • API String ID: 4110538090-0
                                                                          • Opcode ID: 2de7481bc8a7eee6dade8caf42965e00f743de7fae27a202de190053d84cb156
                                                                          • Instruction ID: 59b88bd92d8d2d3d6bf78b10765ec0da9091af7b85f521b0f55e1955aff7a8e0
                                                                          • Opcode Fuzzy Hash: 2de7481bc8a7eee6dade8caf42965e00f743de7fae27a202de190053d84cb156
                                                                          • Instruction Fuzzy Hash: 0A617E76A14249DFCB00DFA8C880AEEBBB5FF49314F2485ADE515A7750C731AD09CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Timetime$Sleep
                                                                          • String ID:
                                                                          • API String ID: 4176159691-0
                                                                          • Opcode ID: c1bb5fbfdc7653ac595442228c8c1c88ec536913dffc9a443a78e21d260b3a50
                                                                          • Instruction ID: 2a2c4f642af343a20eb8ba15d63b957c9578c61df312aa4e23aee401d9c13e50
                                                                          • Opcode Fuzzy Hash: c1bb5fbfdc7653ac595442228c8c1c88ec536913dffc9a443a78e21d260b3a50
                                                                          • Instruction Fuzzy Hash: 7051C0B2E012449FEF00DFE8C88579E7FB8BB05304F54856AD50897740D7B5DA448BA6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • _rand.LIBCMT ref: 6CF06DEA
                                                                            • Part of subcall function 6CF59E0C: __getptd.LIBCMT ref: 6CF59E0C
                                                                          • std::exception::exception.LIBCMT ref: 6CF06E17
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF06E2C
                                                                          • std::exception::exception.LIBCMT ref: 6CF06E3B
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF06E50
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C04
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                            • Part of subcall function 6CF59BB5: __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
                                                                          • String ID:
                                                                          • API String ID: 2791304714-0
                                                                          • Opcode ID: cf77058c67ed0995e756f6879bdf41716cad068cafd30788df2459c2b21fb82c
                                                                          • Instruction ID: 957a9e5f1f0f09f5a6bd913d09cc2eae1c27fca8cf082e6ddc25ee5427225304
                                                                          • Opcode Fuzzy Hash: cf77058c67ed0995e756f6879bdf41716cad068cafd30788df2459c2b21fb82c
                                                                          • Instruction Fuzzy Hash: A73124B19007449FC764CF68C880A9AFBF4FB18314F54896EE99A97B41D771E618CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6CF07761
                                                                          • LeaveCriticalSection.KERNEL32(00000000,?), ref: 6CF07782
                                                                          • EnterCriticalSection.KERNEL32(00000018), ref: 6CF07796
                                                                          • LeaveCriticalSection.KERNEL32(00000018), ref: 6CF077CE
                                                                          • QueueUserWorkItem.KERNEL32(6CF21D50,00000000,00000010), ref: 6CF0780C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$ItemQueueUserWork
                                                                          • String ID:
                                                                          • API String ID: 584243675-0
                                                                          • Opcode ID: 5f6f8d7533c705c2c40841a89370cbbca74c4ad1fa56461585a4ac55d31eff75
                                                                          • Instruction ID: 1fa7526cab3073ec879deb42b8dd88f02188ce58572ef102413f6eec3f7c4d19
                                                                          • Opcode Fuzzy Hash: 5f6f8d7533c705c2c40841a89370cbbca74c4ad1fa56461585a4ac55d31eff75
                                                                          • Instruction Fuzzy Hash: D421A172A41208AFCB40CF64D854F9BBBF8FB45745F50899EE45687A40D730E648DBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::exception::exception.LIBCMT ref: 6CEF5ACB
                                                                            • Part of subcall function 6CF59533: std::exception::_Copy_str.LIBCMT ref: 6CF5954E
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF5ABC
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF5AE0
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CEF5B18
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF5B2D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                          • String ID:
                                                                          • API String ID: 921928366-0
                                                                          • Opcode ID: b22a269289f6e8094a8eb954ee096b9a29a6c6882c89934611e99e802661b415
                                                                          • Instruction ID: 8467ef5a5e064af9dcc8d09f8e43a4c9ac73684cb0329f3739fd8c5ff70201f5
                                                                          • Opcode Fuzzy Hash: b22a269289f6e8094a8eb954ee096b9a29a6c6882c89934611e99e802661b415
                                                                          • Instruction Fuzzy Hash: 8E01E1B2910208ABDB04DFA4E8459DE77B8AF25644F408559EA05A7A50EB30D728CBB1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __getptd.LIBCMT ref: 6CF5F047
                                                                            • Part of subcall function 6CF5EAE6: __getptd_noexit.LIBCMT ref: 6CF5EAE9
                                                                            • Part of subcall function 6CF5EAE6: __amsg_exit.LIBCMT ref: 6CF5EAF6
                                                                          • __amsg_exit.LIBCMT ref: 6CF5F067
                                                                          • __lock.LIBCMT ref: 6CF5F077
                                                                          • InterlockedDecrement.KERNEL32(?), ref: 6CF5F094
                                                                          • InterlockedIncrement.KERNEL32(05A11658), ref: 6CF5F0BF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                          • String ID:
                                                                          • API String ID: 4271482742-0
                                                                          • Opcode ID: 46304303f8e90067102991d6a440269e2ab34184ff6827aa619021fb21bbd420
                                                                          • Instruction ID: c7858f09cd3785b27ad46ecf07a320e4e943289bac9642f55f28e5012b4fda23
                                                                          • Opcode Fuzzy Hash: 46304303f8e90067102991d6a440269e2ab34184ff6827aa619021fb21bbd420
                                                                          • Instruction Fuzzy Hash: 1F01DE32E03622ABDF919F6980047DE7774BF11758F984085EA20A3F84CB34A966CBD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __getptd.LIBCMT ref: 6CF5F7C8
                                                                            • Part of subcall function 6CF5EAE6: __getptd_noexit.LIBCMT ref: 6CF5EAE9
                                                                            • Part of subcall function 6CF5EAE6: __amsg_exit.LIBCMT ref: 6CF5EAF6
                                                                          • __getptd.LIBCMT ref: 6CF5F7DF
                                                                          • __amsg_exit.LIBCMT ref: 6CF5F7ED
                                                                          • __lock.LIBCMT ref: 6CF5F7FD
                                                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 6CF5F811
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                          • String ID:
                                                                          • API String ID: 938513278-0
                                                                          • Opcode ID: 6f5abc40946891869afabe9c4b5644894deaf2dbb5d5cb9cba5f7adb91a7366f
                                                                          • Instruction ID: f39bc13efa71a92223a9dca7bae56b78e6a74f0f442e711772a10cf4bf3affc1
                                                                          • Opcode Fuzzy Hash: 6f5abc40946891869afabe9c4b5644894deaf2dbb5d5cb9cba5f7adb91a7366f
                                                                          • Instruction Fuzzy Hash: EEF090329462049FDBA4ABB8A901B8E32A07F1072CFA04589E651A6BC0DB285568CAD5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memcpy_s
                                                                          • String ID:
                                                                          • API String ID: 2001391462-3916222277
                                                                          • Opcode ID: ee2831b52d059da982f642df846957d1b5a48647beb354b555f5df9af747d228
                                                                          • Instruction ID: f742b9e4bd161b6dc8a1e7fae2790399e11ef57f543f5a2e82811de9e1daee07
                                                                          • Opcode Fuzzy Hash: ee2831b52d059da982f642df846957d1b5a48647beb354b555f5df9af747d228
                                                                          • Instruction Fuzzy Hash: 64C17B716093169FE704CE28C88466AB7E1FFC9318F145A2DE899C7650E730EA49CBC2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memcpy_s_memmove_memset
                                                                          • String ID: EncodingParameters
                                                                          • API String ID: 4034675494-55378216
                                                                          • Opcode ID: bf2ccebf0a7376e137656a84002dea1b3120cc8f2961d29fc91e716430e16cf9
                                                                          • Instruction ID: 600a404f9e2f7cb4e5204f52bc0d1171fa97d7fdf7edd29e85cc08c615b1d314
                                                                          • Opcode Fuzzy Hash: bf2ccebf0a7376e137656a84002dea1b3120cc8f2961d29fc91e716430e16cf9
                                                                          • Instruction Fuzzy Hash: E691AA706093819FE700CF28C880B5BBBE5AFEA708F54491EF99887351D775E949CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF4D820: _memmove.LIBCMT ref: 6CF4D930
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF313D4
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                            • Part of subcall function 6CF28D80: _malloc.LIBCMT ref: 6CF28D8A
                                                                            • Part of subcall function 6CF28D80: _malloc.LIBCMT ref: 6CF28DAF
                                                                          Strings
                                                                          • doesn't match the required length of , xrefs: 6CF31316
                                                                          • for this key, xrefs: 6CF31348
                                                                          • : ciphertext length of , xrefs: 6CF312E4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                          • String ID: doesn't match the required length of $ for this key$: ciphertext length of
                                                                          • API String ID: 1025790555-2559040249
                                                                          • Opcode ID: 7bfc334dab860edbbb952760f0b021f2f143e0f94e6977ec2a778b663347a0d0
                                                                          • Instruction ID: 1d27a2bbade34579faeb07c8c4737459a68f553a43f6fc5f13a832e08ece87ec
                                                                          • Opcode Fuzzy Hash: 7bfc334dab860edbbb952760f0b021f2f143e0f94e6977ec2a778b663347a0d0
                                                                          • Instruction Fuzzy Hash: 89A16171508380AFD324CB69D840BDBB7E9AFD9308F548A1DE19D83751DB74A909CBA3
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __startOneArgErrorHandling.LIBCMT ref: 6CF5B50D
                                                                            • Part of subcall function 6CF61AA0: __87except.LIBCMT ref: 6CF61ADB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ErrorHandling__87except__start
                                                                          • String ID: pow
                                                                          • API String ID: 2905807303-2276729525
                                                                          • Opcode ID: 6dee2947e3e7c948caa5c6f5612db68eaee7ebbe309d6c7849ead5de369b5dee
                                                                          • Instruction ID: 7bfa2648e367741cb788e26884c997e81ca9516ca4aa6a78aaa60bec53470f8e
                                                                          • Opcode Fuzzy Hash: 6dee2947e3e7c948caa5c6f5612db68eaee7ebbe309d6c7849ead5de369b5dee
                                                                          • Instruction Fuzzy Hash: 56517C31F1D20186CB01AB26C95079E7BB4DB5271DFA0CE58E5D482FECEB34C4A58B46
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __cftoe.LIBCMT ref: 6CF088ED
                                                                            • Part of subcall function 6CF5A116: __mbstowcs_s_l.LIBCMT ref: 6CF5A12C
                                                                          • __cftoe.LIBCMT ref: 6CF08911
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: __cftoe$__mbstowcs_s_l
                                                                          • String ID: zX$P
                                                                          • API String ID: 1494777130-2079734279
                                                                          • Opcode ID: a8c757c3d6a71c9e07c25e176d69a337c7cf943837507ddd3400f21567dde6bd
                                                                          • Instruction ID: 0d7f33250f0bbc6d93838adaf8a114a6e12cdc6c5e54f94c57979cdb50ac864c
                                                                          • Opcode Fuzzy Hash: a8c757c3d6a71c9e07c25e176d69a337c7cf943837507ddd3400f21567dde6bd
                                                                          • Instruction Fuzzy Hash: 6C910FB11187819FC376CF14C894BEBBBE8AB84714F508A1DE1A94B280DB715646CF92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF28ABB
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF28B82
                                                                          Strings
                                                                          • PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6CF28A8E
                                                                          • : invalid ciphertext, xrefs: 6CF28B48
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Exception@8Throw
                                                                          • String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
                                                                          • API String ID: 2005118841-483996327
                                                                          • Opcode ID: 406cf67b13141d00e44b46c013b065db41e628c91575c37884db13efda0304a0
                                                                          • Instruction ID: aee1d36ab174da5452af15182c963ba7a0ae64c5cb8d3c5b054221b3ce30e228
                                                                          • Opcode Fuzzy Hash: 406cf67b13141d00e44b46c013b065db41e628c91575c37884db13efda0304a0
                                                                          • Instruction Fuzzy Hash: 30513DB61047409FD324CF54D890EABB7F8EF98708F108A1DE59A97B40DB35E909CB62
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF26BA6
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF4067
                                                                            • Part of subcall function 6CEF4010: _memmove.LIBCMT ref: 6CEF40C8
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF26C56
                                                                          Strings
                                                                          • RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6CF26BE3
                                                                          • NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6CF26B33
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                          • String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented
                                                                          • API String ID: 1902190269-184618050
                                                                          • Opcode ID: e7c79fae9c4359cd9a0cb7210ee2e0167c775dd1e8cc487409dcfa08994acdc4
                                                                          • Instruction ID: 1848218c6eba15ff401196412c3abee661a3c68a0d2a767ecb9de010622933e2
                                                                          • Opcode Fuzzy Hash: e7c79fae9c4359cd9a0cb7210ee2e0167c775dd1e8cc487409dcfa08994acdc4
                                                                          • Instruction Fuzzy Hash: BE5137B1218380AFC310CF69C880A5BFBF8BB99754F504A2EF59593B90D775D908CB62
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF4EFC
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF4F16
                                                                          • _memmove.LIBCMT ref: 6CEF4F6C
                                                                            • Part of subcall function 6CEF4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CEF4DA9
                                                                            • Part of subcall function 6CEF4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CEF4DCA
                                                                            • Part of subcall function 6CEF4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CEF4DE5
                                                                            • Part of subcall function 6CEF4D90: _memmove.LIBCMT ref: 6CEF4E4D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                          • String ID: string too long
                                                                          • API String ID: 2168136238-2556327735
                                                                          • Opcode ID: 2e691f2abce561967576cff1673197dfdc5ac25cd9eb921b5b432ea4c9e75719
                                                                          • Instruction ID: b029e41a2aaa8e4fdd9e306094740bdcdb698ef89764e26c8e249a03dd11ed0d
                                                                          • Opcode Fuzzy Hash: 2e691f2abce561967576cff1673197dfdc5ac25cd9eb921b5b432ea4c9e75719
                                                                          • Instruction Fuzzy Hash: DA31E7333106104BE7259E5CE98096AF7FAEFD1724B70892FE569CBF80D771984683A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF211F
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF4067
                                                                            • Part of subcall function 6CEF4010: _memmove.LIBCMT ref: 6CEF40C8
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF21BF
                                                                          Strings
                                                                          • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6CEF20BD
                                                                          • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6CEF215D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                          • String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
                                                                          • API String ID: 1902190269-1268710280
                                                                          • Opcode ID: bb2e9dcd8a3c6bbbfd867497b6855723883c949a2d7fe64d8c8f7b02344c2cc0
                                                                          • Instruction ID: 07064e69511a7b73462895738785d4b106ec57a7892796d14fd74d7a1b727462
                                                                          • Opcode Fuzzy Hash: bb2e9dcd8a3c6bbbfd867497b6855723883c949a2d7fe64d8c8f7b02344c2cc0
                                                                          • Instruction Fuzzy Hash: 03413F70C0424CEBDB15DFD9D890AEDFBB8AB19354F50455EE421A7B90DB745A08CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF1DC9
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF4067
                                                                            • Part of subcall function 6CEF4010: _memmove.LIBCMT ref: 6CEF40C8
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF1E74
                                                                          Strings
                                                                          • BufferedTransformation: this object is not attachable, xrefs: 6CEF1D67
                                                                          • CryptoMaterial: this object contains invalid values, xrefs: 6CEF1E16
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                          • String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
                                                                          • API String ID: 1902190269-3853263434
                                                                          • Opcode ID: ec272b02e95cd2996886b9e47c290b0519c67b690e3075da6a62ecffa5ceb0ab
                                                                          • Instruction ID: 1b379b6e39c156ae831b5e9582d63cce2029470f51d8c17248852ccb23f41214
                                                                          • Opcode Fuzzy Hash: ec272b02e95cd2996886b9e47c290b0519c67b690e3075da6a62ecffa5ceb0ab
                                                                          • Instruction Fuzzy Hash: 70412EB1C04248EFCB14DFE9D890BDDFBB8EB19354F50866AE42567B50DB355A08CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF4D820: _memmove.LIBCMT ref: 6CF4D930
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF2761A
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                          • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
                                                                          • API String ID: 39012651-1139078987
                                                                          • Opcode ID: 43e51590b15154acd4bc949e8150a6408a83237484cf8dd1b88f2d2fd0907b62
                                                                          • Instruction ID: 58f45186fa493f9d1ab38b274a9bfa88d26927ef5f8145b254c77254117f056d
                                                                          • Opcode Fuzzy Hash: 43e51590b15154acd4bc949e8150a6408a83237484cf8dd1b88f2d2fd0907b62
                                                                          • Instruction Fuzzy Hash: 944181711083C0AFD334CB54D844FDBBBE8AB99714F108A1EE29993781EB7595088BA7
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF2BF2D
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                          • String ID: gfff$gfff$vector<T> too long
                                                                          • API String ID: 1823113695-3369487235
                                                                          • Opcode ID: e0f80c6508443dc231ecb7b59eead224c18551906ce3ec90f26a71896b8fe4c8
                                                                          • Instruction ID: f3acc252ce7273d7d2611388744f5f7facd46ffc2015446d8fe614d5193566dd
                                                                          • Opcode Fuzzy Hash: e0f80c6508443dc231ecb7b59eead224c18551906ce3ec90f26a71896b8fe4c8
                                                                          • Instruction Fuzzy Hash: 9531CAB1A006059FC718CF99D880E6AF7F9EB48304F548A2DE95997780D735B904CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • QueryPerformanceFrequency.KERNEL32(8193A27A,8193A27A), ref: 6CF58E7F
                                                                          • GetLastError.KERNEL32(0000000A), ref: 6CF58E8F
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF58F14
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Strings
                                                                          • Timer: QueryPerformanceFrequency failed with error , xrefs: 6CF58EA5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                          • String ID: Timer: QueryPerformanceFrequency failed with error
                                                                          • API String ID: 2175244869-348333943
                                                                          • Opcode ID: c115a7c1bbbac7251732e3bb839f546a610ddd6494997bf09f37d9c0962436de
                                                                          • Instruction ID: 4f2c3d55cbf9eb15010900a8a41060cd4822d62ab4ced7200d8b3f23418885c1
                                                                          • Opcode Fuzzy Hash: c115a7c1bbbac7251732e3bb839f546a610ddd6494997bf09f37d9c0962436de
                                                                          • Instruction Fuzzy Hash: 8A213DB1518380AFD310CF24C844B9BBBF8BB89614F504A1EF5A992641DB7595088BA3
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • QueryPerformanceCounter.KERNEL32(8193A27A,8193A27A,?,00000000), ref: 6CF58F7F
                                                                          • GetLastError.KERNEL32(0000000A,?,00000000), ref: 6CF58F8F
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF59014
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Strings
                                                                          • Timer: QueryPerformanceCounter failed with error , xrefs: 6CF58FA5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                          • String ID: Timer: QueryPerformanceCounter failed with error
                                                                          • API String ID: 1823523280-4075696077
                                                                          • Opcode ID: 3984349d02a6eaf623ddaf592fca33146ed401d01822882c3bb71c079aa627f9
                                                                          • Instruction ID: 4630da4b7516d62cff2a702ad96cba3839568e085ab0b930196ad54de82fb098
                                                                          • Opcode Fuzzy Hash: 3984349d02a6eaf623ddaf592fca33146ed401d01822882c3bb71c079aa627f9
                                                                          • Instruction Fuzzy Hash: 96213DB1508380AFD310CF24D844B9BBBF8BB89614F504E1EF5A592781DB7595088BA3
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF26518
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF26558
                                                                          Strings
                                                                          • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6CF26527
                                                                          • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6CF264E7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                          • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                                                          • API String ID: 3476068407-3345525433
                                                                          • Opcode ID: b0830c18c51ae3e5e1cdd29f1963044aa3410230a0dd0bbe425f2d5793a7cadf
                                                                          • Instruction ID: 83c2e9a8d7c8c75d1008fd777f6fa1c38e1d0d57cfed90825891e8e0d29ec519
                                                                          • Opcode Fuzzy Hash: b0830c18c51ae3e5e1cdd29f1963044aa3410230a0dd0bbe425f2d5793a7cadf
                                                                          • Instruction Fuzzy Hash: FF21C0715183809ED724CFA4C841FDAB3F8AB49608F904A1DF59593A84EB3AA4098B63
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF2C14E
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                          • String ID: gfff$gfff$vector<T> too long
                                                                          • API String ID: 1823113695-3369487235
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memmove$Exception@8Throw
                                                                          • String ID:
                                                                          • API String ID: 2655171816-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF0D5E4
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF0D5F9
                                                                          • std::exception::exception.LIBCMT ref: 6CF0D608
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF0D61D
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C04
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                            • Part of subcall function 6CF59BB5: __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                          • String ID:
                                                                          • API String ID: 2621100827-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF16035
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF1604A
                                                                          • std::exception::exception.LIBCMT ref: 6CF16059
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF1606E
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C04
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                            • Part of subcall function 6CF59BB5: __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                          • String ID:
                                                                          • API String ID: 2621100827-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$Init
                                                                          • String ID:
                                                                          • API String ID: 3740757921-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF15E87
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF15E9C
                                                                          • std::exception::exception.LIBCMT ref: 6CF15EAB
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF15EC0
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C04
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                            • Part of subcall function 6CF59BB5: __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                          • String ID:
                                                                          • API String ID: 2621100827-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF0D437
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF0D44C
                                                                          • std::exception::exception.LIBCMT ref: 6CF0D45B
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF0D470
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C04
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                            • Part of subcall function 6CF59BB5: __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                          • String ID:
                                                                          • API String ID: 2621100827-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF26480: __CxxThrowException@8.LIBCMT ref: 6CF26518
                                                                            • Part of subcall function 6CF26480: __CxxThrowException@8.LIBCMT ref: 6CF26558
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF52C9A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF52CB1
                                                                          • std::exception::exception.LIBCMT ref: 6CF52CC3
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF52CDA
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C04
                                                                            • Part of subcall function 6CF59BB5: std::exception::exception.LIBCMT ref: 6CF59C1E
                                                                            • Part of subcall function 6CF59BB5: __CxxThrowException@8.LIBCMT ref: 6CF59C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw$std::exception::exception$_malloc
                                                                          • String ID:
                                                                          • API String ID: 3942750879-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF1C478
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF1C488
                                                                          • SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6CF1C4B4
                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF1C512
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ArraySafe$Bound$DestroyElement
                                                                          • String ID:
                                                                          • API String ID: 3987547017-0
                                                                          • Opcode ID: 94cab026f2f339d6da52dd630b3a8ebb7c0eab86a4f5a61c4965314fb2356ed3
                                                                          • Instruction ID: 683228b8f4689112a918f4aa2febe1425304c2505937697571cbc5f7ec4db21b
                                                                          • Opcode Fuzzy Hash: 94cab026f2f339d6da52dd630b3a8ebb7c0eab86a4f5a61c4965314fb2356ed3
                                                                          • Instruction Fuzzy Hash: F9413075A04149AFDB00DF99C880EEEBBB8FB49354F108569F919E7A40D731EA45CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(6CF702A0), ref: 6CF1B5D5
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF1B5E2
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF1B685
                                                                          • VariantClear.OLEAUT32(6CF702A0), ref: 6CF1B68B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Variant$ClearInit
                                                                          • String ID:
                                                                          • API String ID: 2610073882-0
                                                                          • Opcode ID: 43a489e9d7906649004a5703bade6a14d10037428c8ceaba75ced140ae68acaa
                                                                          • Instruction ID: bf248e6c587a97e23d8f2b7138b3cee8eaeacbd28b9a42cd2aad743b33d77fd7
                                                                          • Opcode Fuzzy Hash: 43a489e9d7906649004a5703bade6a14d10037428c8ceaba75ced140ae68acaa
                                                                          • Instruction Fuzzy Hash: 7841A3B2A05209DFDB00DF69C980B9AF7F9EF89314F2045A9E90497750D776E901CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6CF688FD
                                                                          • __isleadbyte_l.LIBCMT ref: 6CF68930
                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6CF68961
                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6CF689CF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                          • String ID:
                                                                          • API String ID: 3058430110-0
                                                                          • Opcode ID: 03435cd141d50024a880934bc96400d5a94b6e670d2af8bd1adb759d590ef455
                                                                          • Instruction ID: 4a34938ca8d5fd10733be7b4706894371227938a50240933a9baa4402928a0a7
                                                                          • Opcode Fuzzy Hash: 03435cd141d50024a880934bc96400d5a94b6e670d2af8bd1adb759d590ef455
                                                                          • Instruction Fuzzy Hash: F531D371A15286EFEB01CF69C880AAE3BB4BF03355F14456EE1659BE91D330D940DB52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CEF5ACB
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF5AE0
                                                                          • std::exception::exception.LIBCMT ref: 6CEF5B18
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF5B2D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Exception@8Throwstd::exception::exception$_malloc
                                                                          • String ID:
                                                                          • API String ID: 3153320871-0
                                                                          • Opcode ID: 0c2f6a5839578132134ac663db4ebad6b30a9616d8a433d4516c67541d7b1baf
                                                                          • Instruction ID: 0a449ac285ff398db50a18cabb33e74099a5841eb4cb0e1e964cc365d0de475b
                                                                          • Opcode Fuzzy Hash: 0c2f6a5839578132134ac663db4ebad6b30a9616d8a433d4516c67541d7b1baf
                                                                          • Instruction Fuzzy Hash: F33193B2910608ABCB14CF58D8419DAB7F8FF58744F10C66EE91997B40EB30EA14CBE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • InitializeCriticalSection.KERNEL32(00000000,00000000,6CF05D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6CF084EA
                                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6CF084F0
                                                                          • std::exception::exception.LIBCMT ref: 6CF0853C
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF08551
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
                                                                          • String ID:
                                                                          • API String ID: 3005353045-0
                                                                          • Opcode ID: 2a72a72d312ece00bd539ebdb8fde6ad660c49cef0077114d4d1889578299154
                                                                          • Instruction ID: 819071bf205b4322f52d92172b4d6c3e0136d85f0037f44c26f4ffff01043f35
                                                                          • Opcode Fuzzy Hash: 2a72a72d312ece00bd539ebdb8fde6ad660c49cef0077114d4d1889578299154
                                                                          • Instruction Fuzzy Hash: 70317E71A01704AFC714CF68C480A9AFBF4FF18210F508A6ED94687B41D770F654CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::exception::exception.LIBCMT ref: 6CF1DCC5
                                                                            • Part of subcall function 6CF59533: std::exception::_Copy_str.LIBCMT ref: 6CF5954E
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF1DCDA
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                          • std::exception::exception.LIBCMT ref: 6CF1DD09
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF1DD1E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                          • String ID:
                                                                          • API String ID: 399550787-0
                                                                          • Opcode ID: e189a0c6a9d0eaceacbc9ecf45c82a3016e39ba168389c9327e421320b74e695
                                                                          • Instruction ID: 087c63f2a7b3e42217fe3fb9004468e0d2cde85ead653b396f9f2fb8c6453669
                                                                          • Opcode Fuzzy Hash: e189a0c6a9d0eaceacbc9ecf45c82a3016e39ba168389c9327e421320b74e695
                                                                          • Instruction Fuzzy Hash: 293152B6904209AFD704CF99D841A9EBBF8FF54300F44855EE91997B50DB70EB14CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • _malloc.LIBCMT ref: 6CF62653
                                                                            • Part of subcall function 6CF59D66: __FF_MSGBANNER.LIBCMT ref: 6CF59D7F
                                                                            • Part of subcall function 6CF59D66: __NMSG_WRITE.LIBCMT ref: 6CF59D86
                                                                            • Part of subcall function 6CF59D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CF59BD4,6CEF1290,8193A27A), ref: 6CF59DAB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: AllocateHeap_malloc
                                                                          • String ID:
                                                                          • API String ID: 501242067-0
                                                                          • Opcode ID: b715497358032712b6f88450b1eb8c1dbfdaee0957e4ae7fb194bccc73a07e33
                                                                          • Instruction ID: 22ea68d8aa0b1bffaa95c37c9b2f476cafc0116aef21d85e2cca91a44057e980
                                                                          • Opcode Fuzzy Hash: b715497358032712b6f88450b1eb8c1dbfdaee0957e4ae7fb194bccc73a07e33
                                                                          • Instruction Fuzzy Hash: FF11EB33945215ABCF112F76B80C78E3BB4AB573A9B540525E54497E50DF3385508764
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF24410: _malloc.LIBCMT ref: 6CF2446E
                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6CF07287
                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CF0729B
                                                                          • _memmove.LIBCMT ref: 6CF072AF
                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF072B8
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
                                                                          • String ID:
                                                                          • API String ID: 583974297-0
                                                                          • Opcode ID: 5a5c8682f8ed79b62c06e0cf9c85f4e1fd2dcaa06be5c0f7bcbbaf1b1443db31
                                                                          • Instruction ID: b9b586c57cbf04ebec2e98d543f2de6bbdeda27b7e09cd723f22d94ddf5153bf
                                                                          • Opcode Fuzzy Hash: 5a5c8682f8ed79b62c06e0cf9c85f4e1fd2dcaa06be5c0f7bcbbaf1b1443db31
                                                                          • Instruction Fuzzy Hash: CF11B2B2A10128BBCB04DFA5DC80DDFBB7DDFD9654B01826AF90497600EA709A05CBE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 6CF15AB9
                                                                          • VariantCopy.OLEAUT32(?,6CF89C90), ref: 6CF15AC1
                                                                          • VariantClear.OLEAUT32(?), ref: 6CF15AE2
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF15AEF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ClearCopyException@8InitThrow
                                                                          • String ID:
                                                                          • API String ID: 3826472263-0
                                                                          • Opcode ID: dfee00bb6b0c56050bf2530e37dde359121a1709fa29e368d41a9a0daa6774fe
                                                                          • Instruction ID: 350bd1950b35c7111b3351278e7f1a33bc46187a0f070c568f9211ed1d81ee3b
                                                                          • Opcode Fuzzy Hash: dfee00bb6b0c56050bf2530e37dde359121a1709fa29e368d41a9a0daa6774fe
                                                                          • Instruction Fuzzy Hash: 4311B972D45568AFCB11DF98C8C4ADFBBB8EB45614F11416AE924A3B00C7759E048BE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • _malloc.LIBCMT ref: 6CF28D8A
                                                                            • Part of subcall function 6CF59D66: __FF_MSGBANNER.LIBCMT ref: 6CF59D7F
                                                                            • Part of subcall function 6CF59D66: __NMSG_WRITE.LIBCMT ref: 6CF59D86
                                                                            • Part of subcall function 6CF59D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CF59BD4,6CEF1290,8193A27A), ref: 6CF59DAB
                                                                            • Part of subcall function 6CF591F6: std::_Lockit::_Lockit.LIBCPMT ref: 6CF59202
                                                                          • _malloc.LIBCMT ref: 6CF28DAF
                                                                          • std::exception::exception.LIBCMT ref: 6CF28DD4
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF28DEB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                                                          • String ID:
                                                                          • API String ID: 3043633502-0
                                                                          • Opcode ID: a173bbbad3b6e700b4d54ebbcd64396b625ce5702d60dfb62b8aa67bbb28f4e4
                                                                          • Instruction ID: 7149415ce5191d6a2c8e87edc204dbc275722a419b8199582341bf0b4b1a1ad3
                                                                          • Opcode Fuzzy Hash: a173bbbad3b6e700b4d54ebbcd64396b625ce5702d60dfb62b8aa67bbb28f4e4
                                                                          • Instruction Fuzzy Hash: 51F0F0B380521167D214EB95AC51BEF36A89FA1614FC0081DFA5491A00EB26D72EC6F3
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                          • String ID:
                                                                          • API String ID: 3016257755-0
                                                                          • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                          • Instruction ID: 4f6632834d7b7cab68a542e74f2ca11b74c0f65ec330d8479a3151e790364b82
                                                                          • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                          • Instruction Fuzzy Hash: 1A117E3300018ABBCF165E86DC11CDE3F22BB19398B698515FE6859930C776C9B1AB89
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _memmove_memset
                                                                          • String ID: EncodingParameters
                                                                          • API String ID: 3555123492-55378216
                                                                          • Opcode ID: ec7f37e720cdc520ffb5839a6dcb3972e0f295eeafc2518089fa54399754bb56
                                                                          • Instruction ID: 77a8291cec14557f85714daefba87c5f7169f0ae33dd79578001a7c6b24d30a2
                                                                          • Opcode Fuzzy Hash: ec7f37e720cdc520ffb5839a6dcb3972e0f295eeafc2518089fa54399754bb56
                                                                          • Instruction Fuzzy Hash: 466112B4608341AFC304CF69C880A2AFBE9AFD9754F504A1EF59987391D770E945CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4760: __CxxThrowException@8.LIBCMT ref: 6CEF47F9
                                                                            • Part of subcall function 6CF28D80: _malloc.LIBCMT ref: 6CF28D8A
                                                                            • Part of subcall function 6CF28D80: _malloc.LIBCMT ref: 6CF28DAF
                                                                          • _memcpy_s.LIBCMT ref: 6CEFF282
                                                                          • _memset.LIBCMT ref: 6CEFF293
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: _malloc$Exception@8Throw_memcpy_s_memset
                                                                          • String ID: @
                                                                          • API String ID: 3081897325-2766056989
                                                                          • Opcode ID: 82e7c99eaeb4cfd084f8a4e3660321036e9462746b97e31293df4d899922265d
                                                                          • Instruction ID: bd3b28e1e79f6edae9917882afd6f9fa77d663f9273c1ddadae24202814c45ff
                                                                          • Opcode Fuzzy Hash: 82e7c99eaeb4cfd084f8a4e3660321036e9462746b97e31293df4d899922265d
                                                                          • Instruction Fuzzy Hash: D0519DB1D01248DFDB20CFA4D841BDEBBB4BF55308F208199D45967781DB756A09CFA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF4175
                                                                          • _memmove.LIBCMT ref: 6CEF41C6
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                          • String ID: string too long
                                                                          • API String ID: 2168136238-2556327735
                                                                          • Opcode ID: 2dd167041ab63ea7189dc06686b7c0a8dbf2ff628e717c1d108ca5f3a843ed91
                                                                          • Instruction ID: 9cde343bec6dd8281b556dd50f5252f3a8adb997b8fc8440fe704adf0a9d799f
                                                                          • Opcode Fuzzy Hash: 2dd167041ab63ea7189dc06686b7c0a8dbf2ff628e717c1d108ca5f3a843ed91
                                                                          • Instruction Fuzzy Hash: 9631C4333116144BE3208E5CAD80A5AF7F9EBA6724B300A2FE5A1C7F40C7619C4693A2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF2C39B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw
                                                                          • String ID: gfff$gfff
                                                                          • API String ID: 2005118841-3084402119
                                                                          • Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                          • Instruction ID: cbb8bea8d0b893d27752545b9ef13974de7675abe48356cc8081ea207f4ea573
                                                                          • Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                          • Instruction Fuzzy Hash: 2A31727190020DAFD714CF98D880EFEB7B9EB84318F44851CE91597784D730BA19CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF194F
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          • std::exception::exception.LIBCMT ref: 6CEF198E
                                                                            • Part of subcall function 6CF595C1: std::exception::operator=.LIBCMT ref: 6CF595DA
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF4067
                                                                            • Part of subcall function 6CEF4010: _memmove.LIBCMT ref: 6CEF40C8
                                                                          Strings
                                                                          • Clone() is not implemented yet., xrefs: 6CEF18ED
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                          • String ID: Clone() is not implemented yet.
                                                                          • API String ID: 2192554526-226299721
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF25657
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Strings
                                                                          • InputBuffer, xrefs: 6CF255BF
                                                                          • StringStore: missing InputBuffer argument, xrefs: 6CF255E0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                          • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                          • API String ID: 3718517217-2380213735
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CEF1F36
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          • std::exception::exception.LIBCMT ref: 6CEF1F6E
                                                                            • Part of subcall function 6CF595C1: std::exception::operator=.LIBCMT ref: 6CF595DA
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF4067
                                                                            • Part of subcall function 6CEF4010: _memmove.LIBCMT ref: 6CEF40C8
                                                                          Strings
                                                                          • CryptoMaterial: this object does not support precomputation, xrefs: 6CEF1ED4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                          • String ID: CryptoMaterial: this object does not support precomputation
                                                                          • API String ID: 2192554526-3625584042
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF03327
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF0336B
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
                                                                          • String ID: vector<T> too long
                                                                          • API String ID: 1735018483-3788999226
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF1584D
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • VariantClear.OLEAUT32(00000000), ref: 6CF15899
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
                                                                          • String ID: vector<T> too long
                                                                          • API String ID: 2677079660-3788999226
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF0576B
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF05782
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                          • String ID: string too long
                                                                          • API String ID: 963545896-2556327735
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF46C4
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CEF470B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                          • String ID: string too long
                                                                          • API String ID: 1785806476-2556327735
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF24E00
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Strings
                                                                          • ArraySink: missing OutputBuffer argument, xrefs: 6CF24D91
                                                                          • OutputBuffer, xrefs: 6CF24D77
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                          • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
                                                                          • API String ID: 3718517217-3781944848
                                                                          • Opcode ID: 39fa6e7e719dc63dd9b2c14bc3baf81a2aa9be4b1be1abd147c80ff10902cf03
                                                                          • Instruction ID: 2153bad2e8cd884d640ecd38376952ba60522b078ba1825c5666790652630884
                                                                          • Opcode Fuzzy Hash: 39fa6e7e719dc63dd9b2c14bc3baf81a2aa9be4b1be1abd147c80ff10902cf03
                                                                          • Instruction Fuzzy Hash: 5E3114B5508780AFC310CF69C480A9ABBF4BB99714F508E2EF5A593B50DB75D908CF92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CEF4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEF402A
                                                                          • __CxxThrowException@8.LIBCMT ref: 6CF00201
                                                                            • Part of subcall function 6CF5AC75: RaiseException.KERNEL32(?,?,6CF59C34,8193A27A,?,?,?,?,6CF59C34,8193A27A,6CF89C90,6CF9B974,8193A27A), ref: 6CF5ACB7
                                                                          Strings
                                                                          • OutputStringPointer, xrefs: 6CF0018C
                                                                          • StringSink: OutputStringPointer not specified, xrefs: 6CF0019B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                          • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                                                          • API String ID: 3718517217-1331214609
                                                                          • Opcode ID: 3ff9dabac1f5bbef7d0e306b4b9740904810aafa3d97212de9af42f5d2f8cbba
                                                                          • Instruction ID: c0ec3513bcd7437dfa4e3383e2e7a1c80363599f04b0cc64bf3d4453b4aa5b49
                                                                          • Opcode Fuzzy Hash: 3ff9dabac1f5bbef7d0e306b4b9740904810aafa3d97212de9af42f5d2f8cbba
                                                                          • Instruction Fuzzy Hash: 0E2150B1D04248AFCB14CFD8D890BEDFBB4EB19314F10865EE425A7B91DB355A18CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CEF4636
                                                                            • Part of subcall function 6CF59125: std::exception::exception.LIBCMT ref: 6CF5913A
                                                                            • Part of subcall function 6CF59125: __CxxThrowException@8.LIBCMT ref: 6CF5914F
                                                                            • Part of subcall function 6CF59125: std::exception::exception.LIBCMT ref: 6CF59160
                                                                          • _memmove.LIBCMT ref: 6CEF466F
                                                                          Strings
                                                                          • invalid string position, xrefs: 6CEF4631
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                          • String ID: invalid string position
                                                                          • API String ID: 1785806476-1799206989
                                                                          • Opcode ID: d710a218396ac92809335e589f3a45e6203e24da82ccfdd5a00f0ea6da8a3bf5
                                                                          • Instruction ID: 3f1148a50f7fb10696754fa3202346422032288a34db607538075f616ec8b643
                                                                          • Opcode Fuzzy Hash: d710a218396ac92809335e589f3a45e6203e24da82ccfdd5a00f0ea6da8a3bf5
                                                                          • Instruction Fuzzy Hash: 8301C4713002508BD3248E6CED80A5EB3BAABD5754B35492AD1A5CBF01D6B1EC4783A2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • type_info::operator!=.LIBCMT ref: 6CF2ACF8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: type_info::operator!=
                                                                          • String ID: Modulus$PublicExponent
                                                                          • API String ID: 2241493438-3324115277
                                                                          • Opcode ID: b88431fcb42c5cbfd17de8bb9190af276674acbc32360c799333f48c845caf14
                                                                          • Instruction ID: 1178fabab901de5a26bb4ceeac2195e7a76a9835c92cea7e4aeb1bae79a38776
                                                                          • Opcode Fuzzy Hash: b88431fcb42c5cbfd17de8bb9190af276674acbc32360c799333f48c845caf14
                                                                          • Instruction Fuzzy Hash: 6311E071A093049FC700DFAD884058BFBE4AFD6658F40461EF4845BB60DB35D94CCB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • type_info::operator!=.LIBCMT ref: 6CF4B848
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: type_info::operator!=
                                                                          • String ID: Modulus$PublicExponent
                                                                          • API String ID: 2241493438-3324115277
                                                                          • Opcode ID: 2c7ae1b0384edd103c30ff7bd35de130100e8c3814bdd3bdeab7bb9970172689
                                                                          • Instruction ID: a2e2f248d39231bbeca24c9fb12c01f6b105bf2f473aa3715410fdb8d1d59923
                                                                          • Opcode Fuzzy Hash: 2c7ae1b0384edd103c30ff7bd35de130100e8c3814bdd3bdeab7bb9970172689
                                                                          • Instruction Fuzzy Hash: 8711CE71A093449EC700DF6D894058BBFF4AFD6248F004A6EF8845BB52DB35994DCBA6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF2B605
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CF2B634
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                          • String ID: vector<T> too long
                                                                          • API String ID: 1785806476-3788999226
                                                                          • Opcode ID: d3e23d3bb5b887d18bd6b7c155555a6a7dbe11d6ccd9fee913a633365bc39c81
                                                                          • Instruction ID: a7409e302e4ccab516faab45d25973a2ed3b642c43623d68c282c93ce3d36353
                                                                          • Opcode Fuzzy Hash: d3e23d3bb5b887d18bd6b7c155555a6a7dbe11d6ccd9fee913a633365bc39c81
                                                                          • Instruction Fuzzy Hash: DF01D8B16002055FD324CFA8DC90C97B7E8EB542147544E2DD95BC3B50E775F9048B60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54241
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CF54277
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                          • String ID: vector<bool> too long
                                                                          • API String ID: 1785806476-842332957
                                                                          • Opcode ID: cf44a8056b54307f32b49ec3282d2531df853bd03d2ae6fe10cdaa042d3461ba
                                                                          • Instruction ID: fcd455aad33f50b3d4e831b3fab198a13ef68fb12fd2d6ee453f8ac88edfff30
                                                                          • Opcode Fuzzy Hash: cf44a8056b54307f32b49ec3282d2531df853bd03d2ae6fe10cdaa042d3461ba
                                                                          • Instruction Fuzzy Hash: 41014772A002145BC704CF69DCD08AEF7A9FB90358F91432BE61683A40E730ED29C7A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF53855
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CF53880
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                          • String ID: vector<T> too long
                                                                          • API String ID: 1785806476-3788999226
                                                                          • Opcode ID: d2d84a841b0f8035dc623984dc7024b56010aebbb73f552c33a19481ba07c1ca
                                                                          • Instruction ID: 331e32d4e8855a291748750aa85f3e913fcbf7f66dd5ab84c94c54cb287e764d
                                                                          • Opcode Fuzzy Hash: d2d84a841b0f8035dc623984dc7024b56010aebbb73f552c33a19481ba07c1ca
                                                                          • Instruction Fuzzy Hash: A601D8B25016055FD314DFADCC84C5BB3E8DF542153904A3DD69AC3B50EB70F9188760
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF05173
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF590ED
                                                                            • Part of subcall function 6CF590D8: __CxxThrowException@8.LIBCMT ref: 6CF59102
                                                                            • Part of subcall function 6CF590D8: std::exception::exception.LIBCMT ref: 6CF59113
                                                                          • _memmove.LIBCMT ref: 6CF0519E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                          • String ID: vector<T> too long
                                                                          • API String ID: 1785806476-3788999226
                                                                          • Opcode ID: a63e7d3e351c487c7acbaf977feee1b9db7f4798ade797464ef738ae42a059ec
                                                                          • Instruction ID: 66b1a9518106e66b7863fb8d44930035f03a777af44e9c3eddcd9994b657859d
                                                                          • Opcode Fuzzy Hash: a63e7d3e351c487c7acbaf977feee1b9db7f4798ade797464ef738ae42a059ec
                                                                          • Instruction Fuzzy Hash: AC01A2B16002099FD728CFA8CCA1C6BB3E9EB546447554A2DE85AC3B41EB71F905CB61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 6CF5ABC3: __getptd.LIBCMT ref: 6CF5ABC9
                                                                            • Part of subcall function 6CF5ABC3: __getptd.LIBCMT ref: 6CF5ABD9
                                                                          • __getptd.LIBCMT ref: 6CF5BFC3
                                                                            • Part of subcall function 6CF5EAE6: __getptd_noexit.LIBCMT ref: 6CF5EAE9
                                                                            • Part of subcall function 6CF5EAE6: __amsg_exit.LIBCMT ref: 6CF5EAF6
                                                                          • __getptd.LIBCMT ref: 6CF5BFD1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                          • String ID: csm
                                                                          • API String ID: 803148776-1018135373
                                                                          • Opcode ID: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                                          • Instruction ID: 528e067687284e3f2ff3cf256ea732dabc0bb8370e8782d0d6dddf40d38bfe1c
                                                                          • Opcode Fuzzy Hash: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                                          • Instruction Fuzzy Hash: 4301AD34801304CFDF24AF21C440AADBBF5BF2C318FE4192ED25296A50CB3085B4CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: NameName::
                                                                          • String ID: {flat}
                                                                          • API String ID: 1333004437-2606204563
                                                                          • Opcode ID: 3e9ad3fff9cac494cf54533dfb7aba517f3dcac99c38af4f85db20f2c693c851
                                                                          • Instruction ID: 6713dd0978a2c7171ce688c0279e4157cda577f16a12099899d3394ab5529dff
                                                                          • Opcode Fuzzy Hash: 3e9ad3fff9cac494cf54533dfb7aba517f3dcac99c38af4f85db20f2c693c851
                                                                          • Instruction Fuzzy Hash: BBF0A0711402449FCB10CF59C094BE83BB0DB42759F048041E91C0FB42C772D84AC764
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,8193A27A), ref: 6CF076AD
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,8193A27A), ref: 6CF076FF
                                                                          • EnterCriticalSection.KERNEL32(8193A27A,?,?,?,8193A27A), ref: 6CF0770D
                                                                          • LeaveCriticalSection.KERNEL32(8193A27A,?,00000000,?,?,?,?,8193A27A), ref: 6CF0772A
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                            • Part of subcall function 6CF06D40: _rand.LIBCMT ref: 6CF06DEA
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                          • String ID:
                                                                          • API String ID: 119520971-0
                                                                          • Opcode ID: c7fbc74ce606eac6b8020d7c870c39a262aa7d388351e87c0fd8116df02fcfaa
                                                                          • Instruction ID: 00fc5094d271a439efbd6b484e5b3f023bb0a29bb3113f9066512ce43270f671
                                                                          • Opcode Fuzzy Hash: c7fbc74ce606eac6b8020d7c870c39a262aa7d388351e87c0fd8116df02fcfaa
                                                                          • Instruction Fuzzy Hash: 98219272A00619EFCB11CF54DC44EDBBBBDFF41654F10462AE92697A40EB70AA05CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,8193A27A), ref: 6CF076AD
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,8193A27A), ref: 6CF076FF
                                                                          • EnterCriticalSection.KERNEL32(8193A27A,?,?,?,8193A27A), ref: 6CF0770D
                                                                          • LeaveCriticalSection.KERNEL32(8193A27A,?,00000000,?,?,?,?,8193A27A), ref: 6CF0772A
                                                                            • Part of subcall function 6CF59BB5: _malloc.LIBCMT ref: 6CF59BCF
                                                                            • Part of subcall function 6CF06D40: _rand.LIBCMT ref: 6CF06DEA
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                          • String ID:
                                                                          • API String ID: 119520971-0
                                                                          • Opcode ID: 9e5661919f788b32a27561b4d07035291ef84c3c1561f42cd16e033abaaeca5d
                                                                          • Instruction ID: 77df78aa3c88395276b1c6c524e1c3b95f3bb58f18dca755a0dfa61395905ae6
                                                                          • Opcode Fuzzy Hash: 9e5661919f788b32a27561b4d07035291ef84c3c1561f42cd16e033abaaeca5d
                                                                          • Instruction Fuzzy Hash: D821A472A00619EFCB11CF54DC44FDBBBBDFF41654F10462AE81697A40EB70AA05CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,?,?), ref: 6CF095A9
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6CF095CA
                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6CF095DA
                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6CF095FB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1663710508.000000006CEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CEF0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6cef0000_file.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID:
                                                                          • API String ID: 3168844106-0
                                                                          • Opcode ID: 8db0f086746252e7f41c515de480cd3c703718de2ccee36ecff2f7464564d7a5
                                                                          • Instruction ID: 48eff657f78dabdc5b0f6e6e4d0bee33e3ab4e7cb09f870e1979c63b95336b72
                                                                          • Opcode Fuzzy Hash: 8db0f086746252e7f41c515de480cd3c703718de2ccee36ecff2f7464564d7a5
                                                                          • Instruction Fuzzy Hash: 5911AF32A05118EFCB00CF99E894DEEFBB8FF51714B10419AE51597A10EB70EA15DBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Execution Graph

                                                                          Execution Coverage:12.3%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:0%
                                                                          Total number of Nodes:20
                                                                          Total number of Limit Nodes:0

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Hbq$Hbq
                                                                          • API String ID: 0-4258043069
                                                                          • Opcode ID: b28018675d51f69e7eaef4e6e9f767609735aa4887a653005658a78fd184e6c6
                                                                          • Instruction ID: d906e54abd8f13aaaba0290e0a0dd01bdb8f21353e0e6d3efa6dd94b13390fa0
                                                                          • Opcode Fuzzy Hash: b28018675d51f69e7eaef4e6e9f767609735aa4887a653005658a78fd184e6c6
                                                                          • Instruction Fuzzy Hash: ACA16A74E042588FCB15DFA9C894AADBFB2FF89300F1481AEE409EB351DB349945DB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          control_flow_graph 4968 176ec69-176ecf0 GetConsoleWindow 4972 176ecf2-176ecf8 4968->4972 4973 176ecf9-176ed39 4968->4973 4972->4973
                                                                          APIs
                                                                          • GetConsoleWindow.KERNELBASE ref: 0176ECE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1668081764.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_1760000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID: ConsoleWindow
                                                                          • String ID:
                                                                          • API String ID: 2863861424-0
                                                                          • Opcode ID: 68f184c1623e30390090e8fc78bef5a2155f1307ac431d11d45f2797c84ef311
                                                                          • Instruction ID: 8f30e8173553b5ee80ceab240356c0128bc9f08ae2f34164eee4f21930c2684a
                                                                          • Opcode Fuzzy Hash: 68f184c1623e30390090e8fc78bef5a2155f1307ac431d11d45f2797c84ef311
                                                                          • Instruction Fuzzy Hash: 7A21DAB5D01218DFCB14CFA9D584ADEFBF4AB49324F24902AE818B7310CB35A945CFA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          control_flow_graph 4978 176ec70-176ecf0 GetConsoleWindow 4981 176ecf2-176ecf8 4978->4981 4982 176ecf9-176ed39 4978->4982 4981->4982
                                                                          APIs
                                                                          • GetConsoleWindow.KERNELBASE ref: 0176ECE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1668081764.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_1760000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID: ConsoleWindow
                                                                          • String ID:
                                                                          • API String ID: 2863861424-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ,bq
                                                                          • API String ID: 0-2474004448
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (bq
                                                                          • API String ID: 0-149360118
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: d
                                                                          • API String ID: 0-2564639436
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4c7401c8a9ca5a924f8e7ecec6122598bb4fac6b248af24bd85acc16aee6d9a5
                                                                          • Instruction ID: 5a9bbfcc857c59fc9d71e3da660067e648d293424e45a680e44de0dafe09f541
                                                                          • Opcode Fuzzy Hash: 4c7401c8a9ca5a924f8e7ecec6122598bb4fac6b248af24bd85acc16aee6d9a5
                                                                          • Instruction Fuzzy Hash: DF5148727056118FC7229B68E844A1EFBE5EFC5720319C4BAD81ECB715DA34EC02C790
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fafe7ee80578c8914744d62df0d2f58e01b8d0221fc09f6c8036c1a73eecc94d
                                                                          • Instruction ID: 91b4da7cf180abdaf066644305863ec6dabd20f7e4b14748c383b58322b5b5a2
                                                                          • Opcode Fuzzy Hash: fafe7ee80578c8914744d62df0d2f58e01b8d0221fc09f6c8036c1a73eecc94d
                                                                          • Instruction Fuzzy Hash: D961EEB0D00259CFDB64EFA9C884B9DFBB5BF88304F14852AE419AB294DB749985CF40
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 389df79ca1fd8b5bc7df56a744415a255c68fb084edba700ccb6e9865ad2dea0
                                                                          • Instruction ID: eaef17cd8c0f26cecb09b1ef4882ffa4d94835334d118ea04a85d8831ddf9d60
                                                                          • Opcode Fuzzy Hash: 389df79ca1fd8b5bc7df56a744415a255c68fb084edba700ccb6e9865ad2dea0
                                                                          • Instruction Fuzzy Hash: F261E0B0D00259DFDB64EFA9C884B9DFBB1BF48304F14852AE419AB2A4DB749985CF41
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1bf7867382ae838fa70c1a02dc5c750165dc195b9881b1fc956894f0f25ffc60
                                                                          • Instruction ID: 81dbffd1437f026c02ecf35eefd6672fd377014d14644aaf3e2e69682ba235a6
                                                                          • Opcode Fuzzy Hash: 1bf7867382ae838fa70c1a02dc5c750165dc195b9881b1fc956894f0f25ffc60
                                                                          • Instruction Fuzzy Hash: D451E4B1D00219CFDB10CFA8C984ADEBBF5BF59304F2091A9E509BB210DB71AA45DF94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4f5e60b4823f887ce0ce2ffe1c1dd80e654f93e66385bfef0c8131161e2b6d6e
                                                                          • Instruction ID: c678164f45e86a4ea737d952c6fea68a9d819f73f4a207e99ff7702e3b5ce5d3
                                                                          • Opcode Fuzzy Hash: 4f5e60b4823f887ce0ce2ffe1c1dd80e654f93e66385bfef0c8131161e2b6d6e
                                                                          • Instruction Fuzzy Hash: 6D51B3B1D00219CFDB20CFA9C984ADEBBB5BF59304F2091A9D509BB210DB71AA45DF94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8e078c76494f19ca62bdb5983a2fb503bc177134925913ef354c674b22de2e43
                                                                          • Instruction ID: 35e7708702ea66f289c09db28275383591af4c5d6e639ffd28c0eeb21dee9a9b
                                                                          • Opcode Fuzzy Hash: 8e078c76494f19ca62bdb5983a2fb503bc177134925913ef354c674b22de2e43
                                                                          • Instruction Fuzzy Hash: 18417834B142588FDB15DB69D888EADBBFABF49710F1440ADE901EB3A1CA75EC00DB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9ed2334d4ae6da30b2697aed25413359f550b57ca818c6bc2d5d4101b345f235
                                                                          • Instruction ID: 6ed367065cb3ec71fa43e046514eea4fc72cbe407380fc853fbb837e2a5122cd
                                                                          • Opcode Fuzzy Hash: 9ed2334d4ae6da30b2697aed25413359f550b57ca818c6bc2d5d4101b345f235
                                                                          • Instruction Fuzzy Hash: 53318930A12218DFCB15EFA4E5489AEBFB6FF89300F2185AEE45667651CB309C65DB40
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7e0d62e1e33ad202cccffebfe665e7267f2d956d143ded442b87513585f65d88
                                                                          • Instruction ID: 48d83a9687c925986b882b6f578bd8aeae2ddcd68d275f031cb3165d10f7968b
                                                                          • Opcode Fuzzy Hash: 7e0d62e1e33ad202cccffebfe665e7267f2d956d143ded442b87513585f65d88
                                                                          • Instruction Fuzzy Hash: 0341CCB5E04258DFCB10CFA9D884AAEFFF5EB48310F1480AAE918A7310D734A945CF54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2c4b8ce87e9282221ec65c6d8fd02945baa446f2ea9dd9697c925e91f0cbe7e5
                                                                          • Instruction ID: b202645ea69dc1b8d7d986ad468f817d8029df3ece6cb61318bfef4602a492b9
                                                                          • Opcode Fuzzy Hash: 2c4b8ce87e9282221ec65c6d8fd02945baa446f2ea9dd9697c925e91f0cbe7e5
                                                                          • Instruction Fuzzy Hash: D7411A31A012089FDB14DFA8D858AADBBB2FF89710F1585ADE441FB3A0DB709981DB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 89c105bd1afe905f172db29d4306d8da0e3942c5a2940ca32f856aca2a6c8542
                                                                          • Instruction ID: 487d597b1e409f2c2730b6c0e8633ce5cf722c818535f5218ec99d04fea47381
                                                                          • Opcode Fuzzy Hash: 89c105bd1afe905f172db29d4306d8da0e3942c5a2940ca32f856aca2a6c8542
                                                                          • Instruction Fuzzy Hash: EE413C30B002089FDB14DFA8D858AADBBF2BF89310F1545ADE451FB3A0DB709981DB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: be47532f98a51a25c1ccf50533ad90fd77df1193e53d051594f53f6172b69a65
                                                                          • Instruction ID: 4959a13a3bf9faadee9bd8b1440dd91f699924ddca6e7df97c31325a9a67571f
                                                                          • Opcode Fuzzy Hash: be47532f98a51a25c1ccf50533ad90fd77df1193e53d051594f53f6172b69a65
                                                                          • Instruction Fuzzy Hash: 49419AB4D00358DFCB20CFA9C984ADDFBB0BB09304F20916AE468BB210DB74A985CF55
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 30f12599022c00b3b80c41e99e1d495123e0f2a852e30b13847979a86762fe06
                                                                          • Instruction ID: eacfca512c2a10eedd898b1179456b2432e372dd58ecff6a78c8e7cc6c99105b
                                                                          • Opcode Fuzzy Hash: 30f12599022c00b3b80c41e99e1d495123e0f2a852e30b13847979a86762fe06
                                                                          • Instruction Fuzzy Hash: 2041BC30A005098FDB11EB68D488AAEBBF9FF45304F1485ADE84AD7365DF34A891DB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 431d68fdd98c1652d1f382978872769466182b69870ba549e2977887a874bdc1
                                                                          • Instruction ID: fea1b9d0f0774e9c228714a0ee09430a75c6ccad5de7762024f79ffbc5318679
                                                                          • Opcode Fuzzy Hash: 431d68fdd98c1652d1f382978872769466182b69870ba549e2977887a874bdc1
                                                                          • Instruction Fuzzy Hash: DA3168B5B002059FCB15DF38D894A6EBBB2FF89310B0081A9E906CB365DB31DD45CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9c11e5df72386023a3da7b7a2c72137ae35a81351d6db62bdc4a07cf6ff43bc6
                                                                          • Instruction ID: 5560e2e3a6202b5e6a3c608e95c9664f4c4640bca15886277631b22727e01f0c
                                                                          • Opcode Fuzzy Hash: 9c11e5df72386023a3da7b7a2c72137ae35a81351d6db62bdc4a07cf6ff43bc6
                                                                          • Instruction Fuzzy Hash: 443168B47002059FCB15DF38D894A6EBBB2FF89310B008069E906CB365DB31ED45CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: da87fb91e12e39dde4781ecfc6e7a5ec3e487f1a14cd385cd9c3981d33e02daa
                                                                          • Instruction ID: 6d0bb50bddde6d566a1f60348d2620be5837e36d29aaf36773d57908d98904d0
                                                                          • Opcode Fuzzy Hash: da87fb91e12e39dde4781ecfc6e7a5ec3e487f1a14cd385cd9c3981d33e02daa
                                                                          • Instruction Fuzzy Hash: EE41DFB0D00248DFDB14DFAAC984ADEFBF5AF48304F20802AE459BB250DB749946CF54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7611be96969ba8109c5c2f8f06655806e03b42428649abc5f3bcaa93896d7923
                                                                          • Instruction ID: dfd5fbf3428cdc93ae1286537ef8c948e1bb7e4c893013eb4e168bfdc14e0d0a
                                                                          • Opcode Fuzzy Hash: 7611be96969ba8109c5c2f8f06655806e03b42428649abc5f3bcaa93896d7923
                                                                          • Instruction Fuzzy Hash: 7E31E3716082444FC701EF78C84889ABFF6EF8530175585AEE50ADB361EF31D809CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 062b55ab8f636c3f2c3bbae21e3fe19117efb66bad3dc0eb417838ce3883a4fc
                                                                          • Instruction ID: f19473451e92b6b53338c1b50680d71162f51454fd66b2e76db854e2db08dd5f
                                                                          • Opcode Fuzzy Hash: 062b55ab8f636c3f2c3bbae21e3fe19117efb66bad3dc0eb417838ce3883a4fc
                                                                          • Instruction Fuzzy Hash: 1F216D71B001459FCB11DBA988059BFBFFAEFC8300B44819EF459E3255EA709A019BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 86e7c628a94a0dee9626b33d7f0bc48557dd5582c76da5c8e3f2ddb12d946f0e
                                                                          • Instruction ID: 1c2c7b5cdc10214bd964adfedf1244e127806964cb4f828ea281e8d2d455f896
                                                                          • Opcode Fuzzy Hash: 86e7c628a94a0dee9626b33d7f0bc48557dd5582c76da5c8e3f2ddb12d946f0e
                                                                          • Instruction Fuzzy Hash: 9D2181713402026FE709AB35AD65B3EA653FBC02A0F08893DD6528F794DE75ED4AC394
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0d00b8344d513e0cd70285d22797f6e317c2282c14d3e4b76c13e66ac257e84e
                                                                          • Instruction ID: 1844e1925eb262a6e54c3d65102c3c4e0591d51f774475b93d3260ca147ad3a5
                                                                          • Opcode Fuzzy Hash: 0d00b8344d513e0cd70285d22797f6e317c2282c14d3e4b76c13e66ac257e84e
                                                                          • Instruction Fuzzy Hash: 63016D303156114BEA3AA6259858B7E3A9A7F40B45F0540BCED0BDB3D0DFA1DD41A385
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a4689e6a42022e67ea29daeabc0916d898578d4cd2b657191529a4a4c0972f60
                                                                          • Instruction ID: 8d1f89f274893e76719e2d230a88cfd847e25d0fe7f1a6c8c70565eee40cce23
                                                                          • Opcode Fuzzy Hash: a4689e6a42022e67ea29daeabc0916d898578d4cd2b657191529a4a4c0972f60
                                                                          • Instruction Fuzzy Hash: 3B018F70B002056FD348A6799C44A2BBAEBFFC9250B50802EE60ACB385DE31DC01C3A4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 192d077f0445b75f36e68706dc6ad65d7f333ad1c6f57214ec20941073cbcc90
                                                                          • Instruction ID: c098918a26aadc5f84e7bece79ff9a192a4ee165bc294a022a3ed7702ef9d706
                                                                          • Opcode Fuzzy Hash: 192d077f0445b75f36e68706dc6ad65d7f333ad1c6f57214ec20941073cbcc90
                                                                          • Instruction Fuzzy Hash: DC01D470B002016FD308AB789D44B2BAAEBFFC9250B50802EE20ACB745DE30DC02C3A4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4d2db699971c63ef5b2859b7f419355cc84aa2b183150ca88a9292da4ba473ad
                                                                          • Instruction ID: 45e777132ec683316f82e9bc82ca96405088a5c7784b2508659ceeecd1131021
                                                                          • Opcode Fuzzy Hash: 4d2db699971c63ef5b2859b7f419355cc84aa2b183150ca88a9292da4ba473ad
                                                                          • Instruction Fuzzy Hash: 9A01C071344A408FC718DB2AD858B26BBE2FFC9715B18C4BDD11A8B721CA30D804CB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0b335414f11be48cb05b5c483eee463d443ac169f7ac0d30809684440b79bbaf
                                                                          • Instruction ID: e57a9869c38d1432c6438490104199247aaa18c121f4fe1bfbc09ac062822de8
                                                                          • Opcode Fuzzy Hash: 0b335414f11be48cb05b5c483eee463d443ac169f7ac0d30809684440b79bbaf
                                                                          • Instruction Fuzzy Hash: 0501D1303096014FEB3A96258859BBE3E9A7F40B04F0440FCED07DB3C1DBA1E841A781
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c47b4c332451c1b252215402ebff5e61bd0fdcd07724e18d9439c3472390e248
                                                                          • Instruction ID: f266b6051ba8d0c16cadf41630abbd5ee95303fb557fe1296b90292991b56866
                                                                          • Opcode Fuzzy Hash: c47b4c332451c1b252215402ebff5e61bd0fdcd07724e18d9439c3472390e248
                                                                          • Instruction Fuzzy Hash: 8201A272E04115AFCB15AB99D9086EDBFF3EB82350B1448EED84AE3395E23085155BD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9d416280c0a9574fa6364e0250ebf05393129c48be5537db5ab4a3983f31eaa6
                                                                          • Instruction ID: c4941acbe44f9f9727819cb2c69afa9f30f36daea0311dcc7d347ad76e258821
                                                                          • Opcode Fuzzy Hash: 9d416280c0a9574fa6364e0250ebf05393129c48be5537db5ab4a3983f31eaa6
                                                                          • Instruction Fuzzy Hash: CF017C71704A108FC718DB2AD858A26BBE6FFC871571884BDD11ACB765CA30DC05CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cf66ce7bea455f030dc801bd2fe4969daa67f9c9ad2de33f4e5b2be68dee21f6
                                                                          • Instruction ID: 7bd28e99d07530e5a55846d4eb20f8f35a360f086fffd2eb843b79abb8675629
                                                                          • Opcode Fuzzy Hash: cf66ce7bea455f030dc801bd2fe4969daa67f9c9ad2de33f4e5b2be68dee21f6
                                                                          • Instruction Fuzzy Hash: 29017C34A18258AFCB15DBA5D985EDEBFF9EF4A300F044099E801FB321C635A8009F50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f9d2695994244f9b1e3aac1c9c60732b91107065b25fdc35c1d9971f6c530e49
                                                                          • Instruction ID: 0355895f8e005e34a1154e660a548d6243047c8cd132191e7ae08f34f29d2bef
                                                                          • Opcode Fuzzy Hash: f9d2695994244f9b1e3aac1c9c60732b91107065b25fdc35c1d9971f6c530e49
                                                                          • Instruction Fuzzy Hash: 9B01A4F0610706CFCBA9AA35D904527F7F6FF85305B149C7EE44286624EA72E485CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7842547d105df8f4cd8d70e5ea7a67c2b9a77b4e7a9c40ff21172d115802950e
                                                                          • Instruction ID: d404de6dab9be7c0cd8469992169825262ae4daf665f5a3e48f154d009cd4a76
                                                                          • Opcode Fuzzy Hash: 7842547d105df8f4cd8d70e5ea7a67c2b9a77b4e7a9c40ff21172d115802950e
                                                                          • Instruction Fuzzy Hash: CC016D301087458FC311DF24D494896FBF9EF45320719CA9AD49A8BA52C734F88ACB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 63d2f3b38c17114ad2727f26bc677d00c119464009ceeb7da524705eff1f4687
                                                                          • Instruction ID: 3d5cc4ecdb5b8d0fd310fb7d418d980657e1c7b59c0f102c60128e352103f678
                                                                          • Opcode Fuzzy Hash: 63d2f3b38c17114ad2727f26bc677d00c119464009ceeb7da524705eff1f4687
                                                                          • Instruction Fuzzy Hash: 7DF0EC323405154FCB15A17DD44DB2E7BAEDFC9B20F24417EE909C7365DE669C0152D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 19176fc358c08b0b8a9749cd31df02263999e9f3763a04b293c0781e4e246202
                                                                          • Instruction ID: ca6938f36a0f05b49e4af7ab20967f0abc0fc923ec458a9325e0b7a268c7fa90
                                                                          • Opcode Fuzzy Hash: 19176fc358c08b0b8a9749cd31df02263999e9f3763a04b293c0781e4e246202
                                                                          • Instruction Fuzzy Hash: 63F0E5313406154BCA15A26D948C93EBB9EEFCA721B20017EEA09C7315CEA58C0152D6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 517dc8c2baf5a92b3e602a540bb817a357dbaa9b7809308cd1372f8bca8d5ff2
                                                                          • Instruction ID: 59996cf78fff19df0450514484f6a4e34aebc7dfd0b02d4e009733a72bb05a20
                                                                          • Opcode Fuzzy Hash: 517dc8c2baf5a92b3e602a540bb817a357dbaa9b7809308cd1372f8bca8d5ff2
                                                                          • Instruction Fuzzy Hash: E5F058353504108FC714DB2DC808E197BE9AF89A20B1640AAE10ACB372DA61EC028B80
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b145304310fdaf84fc72538d8ba83a0691c807f019bc78b96d629c7654cf3a82
                                                                          • Instruction ID: 346c24f6fa0c67b2a43a77fa377fb371c64f05efbe9b39038377a5e09f2aa28c
                                                                          • Opcode Fuzzy Hash: b145304310fdaf84fc72538d8ba83a0691c807f019bc78b96d629c7654cf3a82
                                                                          • Instruction Fuzzy Hash: 30F0E531A08358AFD716CA6A880489ABFF9EE84250B04C0FFE808C7302E231AC019790
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3b504975c228a35a84e56dcc2bd1a4e780c4ccd8d12bd50619349c1a91fca345
                                                                          • Instruction ID: 73f861b017561ab067787586371016233fe86ce41df65fc1a1fe8971d764e7db
                                                                          • Opcode Fuzzy Hash: 3b504975c228a35a84e56dcc2bd1a4e780c4ccd8d12bd50619349c1a91fca345
                                                                          • Instruction Fuzzy Hash: 2BF0B431710201DFD721DB28DC49F95BBA5EB45714F0486A6F2588B1A2D3B0D8459754
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ea83cb292cc462a71c7b0ae6f7067cd6adcc2d9d171cce24b05be53bc4104aa2
                                                                          • Instruction ID: a0c3c05b088f9a7fb6de7ca31661b50edfdfe6471fefc74b9713577fa13806c2
                                                                          • Opcode Fuzzy Hash: ea83cb292cc462a71c7b0ae6f7067cd6adcc2d9d171cce24b05be53bc4104aa2
                                                                          • Instruction Fuzzy Hash: 55F0E2F16047028FCB65AE21D500723FBA2FF81305F04986EE08247A14EA76F448CF40
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 40b8e6f22d410bb267489f8c4681fa85cccbffc24e562b76b01c8c68b00df82c
                                                                          • Instruction ID: 8453352911e2c0cf4d24d420442ce7e4b5d1909656fb4a39a757c7ffe36794bd
                                                                          • Opcode Fuzzy Hash: 40b8e6f22d410bb267489f8c4681fa85cccbffc24e562b76b01c8c68b00df82c
                                                                          • Instruction Fuzzy Hash: FFF0C9353604148FC754DB2DD858D5977E9AF89A2531640FEF10ACB372DE61DC018B94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1676814705.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_57c0000_MSBuild.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f3a27ffff972e74f171880153ae1f06acb404dbd206d2990d53aa82e2d5c6a63
                                                                          • Instruction ID: 85a16a32b9bfd8cdea973577f02fd9a7eb333fbdb976bcfaec4849d3680b588b
                                                                          • Opcode Fuzzy Hash: f3a27ffff972e74f171880153ae1f06acb404dbd206d2990d53aa82e2d5c6a63
                                                                          • Instruction Fuzzy Hash: 40F0A7B0A09304AFC701DFA4ED4589D7FB9EB512007104199E80593316DA326E41F755
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000001.00000002.1679863544.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_1_2_7d80000_MSBuild.jbxd
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%